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ABSTRACT 


The  U.S.  Navy  (USN)  has  a  large  enterprise  network  outside  the  continental  U.S. 
(OCONUS)  that  is  complex  and  expensive  to  maintain.  The  problem  addressed  by  this 
thesis  is  to  determine  which  alternative  desktop  deployment  technology  is  more  cost 
effective  over  time  while  maintaining  the  users’  operational  requirements.  The  USN  is 
conducting  a  technology  refresh  of  its  OCONUS  navy  enterprise  network  (ONE -NET) 
with  thick-client  desktop  computers.  This  thesis  proposes  an  alternative  solution  using 
thin-client  desktops  with  data  center  server  virtualization-based  technology  as  a  lower 
cost  option.  To  back  up  this  claim  of  lower  cost,  an  analysis  was  carried  out  to  determine 
the  total  ownership  costs  (TCO)  of  both  the  current  thick-client  and  proposed  thin-client 
solutions.  A  cost  per  seat  (CPS)  model  developed  by  Naval  Network  Warfare  Command 
(NNWC)  was  used  to  calculate  major  cost  components — labor,  hardware,  software,  and 
transport,  while  a  VMware  tool  was  used  to  calculate  power  and  cooling  costs  for  both 
solutions.  In  addition,  VMware  provided  a  cost  estimate  for  the  upfront  hardware  and 
software  licensing  costs  needed  to  support  the  virtualization  support  for  the  thin-clients 
solution.  The  conclusion  of  the  TCO  comparison  is  that,  for  the  27,284  users,  the  thin- 
client  solution  would  save  $238  million  over  seven  years. 
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EXECUTIVE  SUMMARY 


The  U.S.  Navy  (USN)  has  a  large  enterprise  network  outside  the  continental  U.S. 
(OCONUS),  which  is  complex  and  expensive  to  maintain.  The  OCONUS  navy 
enterprise  network  (ONE-NET)  covers  three  major  regions  identified  as  the  island  nation 
of  Bahrain,  Far  East,  and  Europe.  There  are  nine  sites  in  the  Far  East,  four  sites  in 
Europe,  and  one  site  in  Bahrain  that  comprise  the  network  support  centers  (NSC)  of  the 
ONE-NET  enterprise  network.  Starting  in  2010  through  2016,  the  USN  will  be 
refreshing  the  ONE-NET  technology,  after  which  it  will  be  replaced  by  a  new  next 
generation  enterprise  network  (NGEN).  In  this  technology  refresh,  the  USN  is  in  the 
process  of  deploying  thick-client  desktop  computers  to  27,284  users.  However,  thick- 
client  technology  is  not  the  only  available  solution  as  there  are  several  thin-client 
solutions  as  well  that  can  potentially  meet  the  operational  requirements  of  ONE-NET  at  a 
lower  cost.  Historically,  thin-client  technology  has  gone  through  several  generations  of 
improvement  in  capabilities  and  has  recently  shown  that  it  can  provide  the  same  user 
experience  as  the  thick-client  solution.  Therefore,  it  raises  the  question  of  whether  the 
thick-client  solution  is  the  most  cost  effective  one.  Given  the  obvious  goal  of  any 
organization  to  save  money  where  it  can  on  expenses,  the  challenge  is  to  properly  plan 
and  execute  a  long-term  service  capability  such  as  ONE-NET,  which  will  have  the  lowest 
total  ownership  costs  (TCO). 

The  problem  addressed  by  this  thesis  is:  which  alternative  desktop  technology  is 
more  cost  effective  over  the  next  seven  years  (until  NGEN  replaces  ONE-NET),  while 
maintaining  the  users’  operational  requirements?  This  thesis  proposes  that  an  alternative 
solution  using  thin-client  desktops  with  data  center  server  virtualization-based  technology 
could  be  the  lower  cost  option  over  the  current  thick-client  solution.  To  support  this 
claim  of  lower  TCO,  a  study  was  done  on  the  technology  and  operation  of  the  current 
ONE-NET  in  order  to  get  an  understanding  of  the  major  cost  contributing  factors,  and  an 
analysis  was  then  done  to  obtain  the  TCO  for  both  thick-client  and  thin-client  solutions. 
A  cost  per  seat  (CPS)  model  developed  by  Naval  Network  Warfare  Command  (NNWC) 
was  used  to  calculate  the  major  cost  components  for  labor,  hardware,  software,  and 
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transport  using  various  pricing  and  labor  rates  as  inputs  to  the  model.  Both  solutions 
assume  27,284  user  seats  and  a  period  of  seven  years.  Since  the  original  model  was  done 
for  a  period  starting  in  2005,  an  inflation  index  was  used  to  calculate  the  inflation  offset 
of  10.7%  for  2010,  and  it  was  applied  to  the  model  in  order  to  shift  the  calculations  to 
cover  the  period  from  2010  through  2016.  The  results  of  the  CPS  model  show  that  the 
labor  and  hardware  costs  for  the  thick-client  are,  respectively,  $545  million  and  $97 
million.  While  the  labor  and  hardware  costs  for  the  thin-client  solution  are,  respectively, 
$335  million  and  $39  million.  In  addition,  VMware  provided  a  cost  estimate  for  the 
upfront  hardware  and  software  licensing  costs  needed  to  support  the  virtualization 
support  for  the  thin-clients  solution,  which  is  not  a  cost  factor  for  the  thick-client 
solution.  This  upfront  cost  is  $41  million  over  the  five-year  period  of  rolling  out  the 
technology  refresh,  which  is  the  same  period  for  the  thick-client  solution.  Having  the 
same  schedule  for  comparison  also  provides  a  confirmation  that  the  proper  pricing  is 
being  used  as  it  is  normally  tied  to  a  schedule — the  shorter  time  period  often  raises  the 
cost  for  the  same  fixed  job.  Finally,  the  power  and  cooling  costs,  obtained  with  a 
VMware  tool,  for  both  the  thick-client  and  thin-client  solutions  indicate  that  the  thin- 
client  solution  saved  $11.6  million. 

The  conclusion  of  the  TCO  comparison  is  that  for  the  27,284  users,  the  thin-client 
solution  would  save  the  sponsoring  organization  $238  million  over  seven  years.  This  is  a 
significant  amount  considering  that  an  acquisition  program  of  over  $100  million  is 
considered  a  major  acquisition  program,  and  this  is  just  the  savings  amount.  Therefore, 
the  results  of  this  thesis  could  potentially  benefit  the  U.S.  Navy’s  program  executive 
office — enterprise  information  systems  (PEO-EIS),  which  is  the  ONE-NET  acquisition 
program  sponsor. 

Further  research  is  recommended  in  the  latest  technology  development  area  of 
cloud  computing,  offering  an  interesting  topic  for  future  work  on  how  the  concept  relates 
to  enterprise  networks  and  TCO.  The  area  of  information  assurance  (IA),  a  challenging 
problem  for  cloud  computing,  is  also  a  potential  topic  for  future  research. 
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I. 


INTRODUCTION 


The  purpose  of  this  chapter  is  to  provide  a  brief  description  of  the  background  that 
motivated  this  thesis,  including  the  introduction  of  the  subject  matter  and  some 
terminology  used  to  describe  the  technology  of  thin-client  computing.  A  short 
description  of  the  factors  and  benefits  derived  from  the  proposed  use  of  a  thin-client 
solution  is  provided  that  was  used  for  calculating  the  Total  Cost  of  Ownership  (TCO).  In 
addition,  the  thesis  objective  is  defined,  followed  by  the  research  questions,  research 
benefits,  and  an  overview  of  the  scope  and  methodology  used  in  this  thesis. 

A.  BACKGROUND 

PC  Magazine  defines  an  Enterprise  Network  as  “[a]  geographically  dispersed 
network  under  the  jurisdiction  of  one  organization.  It  often  includes  several  different 
types  of  networks  and  computer  systems  from  different  vendors”  (PC  Magazine,  2010). 

In  2000,  the  Department  of  Navy  (DON)  awarded  an  outsourcing  contract  to 
Electronic  Data  Systems  (EDS)  for  a  consolidated  DON  enterprise  network  called  the 
Navy  Marine  Corps  Intranet  (NMCI).  The  NMCI  contract  was  set  up  to  provide  the 
majority  of  Information  Technology  (IT)  services  for  the  DON,  including  the  United 
States  Navy  and  Marine  Corps.  However,  NMCI  was  limited  to  the  Continental  United 
State  (CONUS),  so  another  contract  was  awarded  in  2001  to  General  Dynamics, 
Government  Systems  Corp.,  for  the  Base  Level  Information  Infrastructure  (BLII) 
improvements  at  the  Navy’s  Outside  Continental  United  States  (OCONUS)  installations. 
Unlike  NMCI,  BLII  is  owned  by  Program  Executive  Office — Enterprise  Information 
Systems  (PEO-EIS)  and  operated  by  the  Navy  Network  Warfare  Command  (NNWC). 
The  consolidated  DON  enterprise  network  at  the  OCONUS  was  called  as  the  OCONUS 
NMCI  in  2001  and  renamed  the  OCONUS  Navy  Enterprise  Network  in  2002,  which  is 
abbreviated  as  ONE-NET.  The  term  ONE-NET  will  be  used  from  here  on. 

From  a  global  perspective,  Figure  1  shows  ONE-NET’s  distribution  coverage  of 
the  OCONUS  naval  bases,  posts,  camps,  and  stations,  with  their  geographic  locations 
around  the  world.  Nine  sites  in  the  Far  East,  four  sites  in  Europe,  and  one  site  in  Bahrain 

1 


comprise  the  Network  Support  Centers  (NSC)  of  the  ONE-NET  enterprise  network.  The 
three  central  sites  are  known  as  the  ONE-NET  Theater  Network  Operations  Security 
Centers  (TNOSCs),  which  are  located  in  Yokosuka,  Japan;  Naples,  Italy;  and  the  island 
nation  of  Bahrain.  The  remaining  fourteen  are  known  as  Local  Network  Support  Centers 
(LNSCs).  All  of  the  ONE-NET  locations  are  logically  connected  to  each  other  via  the 
Defense  Information  System  Network  (DISN)  and  have  varying  ranges  of  bandwidth.  As 
its  connectivity  is  not  provided,  DISN  is  referred  to  as  a  ‘Cloud’,  an  industry  term  used  to 
describe  a  logical  network.  Throughout  the  regions  covered  by  DISN,  there  are  Base 
Area  Networks  (BAN),  Metropolitan  Area  Networks  (MAN)  and  Wide  Area  Networks 
(WAN). 
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Figure  1 .  ONE-NET  Sites  (From  SSC  PAC,  20 1 0a) 


The  DON  Chief  Information  Officer  (CIO)  is  responsible  for  developing  the 
vision,  strategy,  and  Concept  of  Operations  (CONOPS)  for  DON's  future  Naval  Network 
Environment  (NNE).  The  NNE  is  composed  of  four  major  network  components:  Next 
Generation  Enterprise  Network  (NGEN)  as  the  follow-on  to  NMCI,  BLII/ONE-NET, 
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Consolidated  Afloat  Networks  and  Enterprise  Services  (CANES)  as  the  shipboard 
component,  and  the  other  remaining  legacy  networks. 

The  motivation  for  this  thesis  is  to  explore  the  financial  opportunity  of  leveraging 
the  current  ONE-NET  enterprise  networking  technology  refresh  by  replacing  the  thick- 
client  Personal  Computers  (PC)  with  thin-client  devices.  A  thick-client  or  fat-client  is  a 
full-featured  PC  that  is  connected  to  a  network,  while  thin-client  lacks  hard  drives  and 
other  features. 

Thin-client  computing  has  been  around  since  the  beginning  of  computers,  but  it 
has  gone  through  some  cycles  where  hardware  and  software  do  not  always  match  in  their 
capabilities.  Most  often,  the  software  is  more  advanced  than  the  supporting  hardware. 
Starting  with  mainframe  computers  and  directly  attached  terminals,  the  processing  then 
shifted  to  the  smaller  and  cheaper  PC.  As  lower-cost  workstations  took  over  the 
computationally  intensive  portion  of  the  mainframe  computer  processing,  a  new  class  of 
low-cost  terminals  evolved  that  provided  access  to  remote  centralized  workstations. 
However,  the  terminals  quickly  lost  their  appeal  because  the  early  Internet  could  not 
support  the  bandwidth  required  to  support  the  full  Graphical  User  Interface  (GUI)  of  the 
new  terminals.  The  chosen  solution  between  PCs  and  terminals  swung  back  and  forth  a 
few  more  times  before  achieving  today’s  satisfactory  performance  of  centralized  servers 
and  thin-client  computing  technology. 

This  thesis  is  focused  only  on  TCO  of  ONE-NET,  because  the  other  NNE 
network  components,  for  which  the  technology  is  also  applicable,  are  currently 
outsourced  and  their  implementation  is  not  under  DON  control.  Although  TCO  is  very 
complex  and  difficult  to  prove  as  an  absolute  cost  that  takes  into  account  every  factor  that 
contributes  to  the  total  cost,  this  thesis  focuses  on  the  major  cost  contributing  factors  for 
the  acquisition  of  the  ONE-NET  technology  and  services.  The  major  cost  contributing 
factors  that  were  analyzed  are  labor,  hardware,  software,  and  transport. 

TCO  provides  a  long-term  measure  of  cost,  and  this  thesis  covers  a  seven-year 
period  to  cover  the  support  required  for  ONE-NET. 
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B.  OBJECTIVE 


The  purpose  of  this  thesis  is  to  demonstrate  how  Total  Cost  of  Ownership  (TCO) 
of  the  Outside  Continental  U.S.  (OCONUS)  Navy  Enterprise  Network  (ONE-NET)  can 
be  reduced  by  deploying  thin-client  devices,  instead  of  full  desktop  PCs,  and  leveraging 
the  centralized  server  virtualization  technology  being  deployed  in  the  data  centers.  Data 
centers  are  facilities  used  to  house  systems  such  as  computer  servers,  associated 
telecommunication  routers,  storage  components,  etc. 

C.  RESEARCH  QUESTIONS 

The  primary  questions  are: 

1.  What  is  the  Total  Cost  of  Ownership  (TCO)  for  the  current  OCONUS 
Navy  Enterprise  Network  (ONE-NET)  over  the  next  seven  years?  Note 
that  the  seven-year  period  enables  the  alignment  of  the  thesis  analysis  with 
the  planned  lifespan  of  ONE-NET  before  it  will  be  replaced  with  NGEN 
by  NNWC. 

2.  Can  the  TCO  be  reduced  by  using  a  thin-client  desktop  deployment  and 
virtualization-based  server  technology? 

Answering  the  first  question  amounts  to  deriving  the  TCO  of  the  current  thick- 
client  solution,  which  is  a  proven  technology,  whereas  the  proposed  alternative  thin-client 
solution  adds  some  technical  risk.  The  second  question  is  responded  to  by  answering  the 
following  detailed  questions. 

1.  Will  replacement  of  the  current  thick-client  desktops  with  thin-client 
desktops  meet  the  operational  requirements  of  ONE-NET? 

2.  Will  the  TCO  of  ONE-NET  over  the  next  seven  years  be  low  enough  to 
justify  the  additional  risk  and  up-front  investment  in  deploying  the  thin- 
client  desktops? 

3.  Are  there  any  other  compelling  advantages  to  deploying  thin-client 
desktops  and  virtualization-based  server  technology  over  the  current  thick- 
client  desktops? 

4.  Can  the  deployment  of  thin-client  desktops  be  done  during  the  current 
seven  year  technology  support  period  and  still  lower  the  TCO? 

5.  What  would  be  the  recommended  deployment  methodology  that  will 
achieve  the  lower  TCO? 

D.  RESEARCH  BENEFIT 

Enabling  a  reduction  of  the  TCO,  the  use  of  thin-client  desktops  and  centralized 

server  virtualization  technology,  espoused  in  this  thesis,  will  potentially  benefit  the  U.S. 
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Navy’s  Program  Executive  Office-Enterprise  Information  Systems  (PEO-EIS),  the 
sponsor  of  ONE-NET. 


E.  SCOPE  AND  METHODOLOGY 

1.  Scope 

The  focus  of  this  thesis  is  on  the  TCO  comparison  between  the  current  thick- 
client  solution  and  the  proposed  thin-client  alternative,  which  also  leverages  the 
centralized  server  virtualization  technology.  The  comparison  attributes  are  technical 
capability,  deployment  schedule  feasibility,  and  the  TCO.  The  TCO  accounts  for  costs  of 
labor,  hardware,  software,  and  data  transport  as  well  as  the  additional  cost  of  power  and 
cooling. 

2.  Methodology 

The  methodology  used  in  this  research  involves  the  following. 

1 .  Conducting  a  review  of  client  technology  evolutions; 

2.  Identifying  and  analyzing  key  architecture  evaluation  factors  that  impact 
the  cost  and  performance  of  implementing  the  alternative  thin-client 
solution; 

3.  Identifying  and  justifying  some  assumptions  required  by  the  calculation 
model  inputs; 

4.  Performing  quantitative  cost  calculations  using  the  major  contributed 
factors  for  the  TCO  calculation  model  and  comparison; 

5.  Formulating  a  recommendation  regarding  the  implementation  of  the 

alternative  solution  that  could  benefit  the  ONE-NET  acquisition  program 
office. 

F.  THESIS  ORGANIZATION 

The  thesis  is  organized  into  five  chapters  including  this  Chapter  I,  which  provides 
the  introduction.  Chapter  II  discusses  the  topic  of  centralized  servers  and  thin-client 
computing  technology.  The  analysis  and  identification  of  the  key  architecture  evaluation 
factors  is  done  in  Chapter  III.  Chapter  IV  presents  and  calculates  the  TCO  of  both 
alternative  solutions  for  comparison.  Finally,  Chapter  V  provides  the  conclusions  and 
recommendations  based  on  the  results  of  this  research. 
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II.  CENTRALIZED  SERVERS  AND  THIN-CLIENT  COMPUTING 


The  purpose  of  this  chapter  is  to  provide  the  definitions  and  the  theory  of  client- 
server  computing  model.  A  historical  review  on  thin-client  and  server  technology 
evolution  is  provided  as  a  means  to  gain  understanding  of  the  types  of  issues  and 
improvements  that  result  from  one  technology  generation  to  the  next. 

A.  DEFINITIONS  AND  THEORY 

A  client-server  model  includes  at  a  minimum  two  processes — one  for  the  client 
and  one  for  the  server — and  a  communications  channel  between  them.  The  client  and 
server  processes  can  reside  on  a  multiprocessing  computer  or  on  two  different  computers. 
Communications  among  multiple  computers  on  a  network  are  effected  by  two  major 
parts.  The  first  part  is  the  Berkeley  Software  Distribution  (BSD)  Sockets,  which  is  “a 
UNIX  operating  system  derivative  developed  and  distributed  by  the  Computer  Systems 
Research  Group  (CSRG)  of  the  University  of  California,  Berkeley,  from  1977  to  1995” 
(McKuick,  1999).  The  BSD  Sockets  are  the  mechanism  by  which  computers  interface 
with  the  network.  The  second  part  is  the  physical  network  with  protocols  that  facilitate 
communications  over  the  network,  which  was  funded  by  the  U.S.  Advanced  Research 
Projects  Agency  (ARP A)  and  later  evolved  into  the  Internet.  Although  there  are 
numerous  networking  protocols,  the  predominant  one  today  is  the  Internet  Protocol  (IP) 
along  with  many  higher-level  protocols  that  were  developed  by  ARPA.  In  summary,  the 
client  and  server  use  Sockets  to  communicate  with  each  other  over  the  network  using  IP- 
based  protocols  (Bach,  1986). 

Now,  what  processing  should  the  client  do  and  what  processing  should  the  server 
do?  The  answer  to  this  question  is  related  to  the  capabilities  and  costs  of  the  available 
technology.  Client  hardware,  along  with  its  supporting  software,  comes  in  several 
configurations  that  are  based  on  the  implemented  client  server  model  for  distributing  the 
processing  loads  between  the  client  and  the  server.  A  thick-client  or  fat-client  is  a  full- 
featured  computer  (PC)  that  is  connected  to  a  network.  “Unlike  thin-clients,  which  lack 
hard  drives  and  other  features,  thick-clients  are  functional  whether  they  are  connected  to 
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a  network  or  not”  (Tech  Terms,  2010).  Thin-client  technology  varies  between  the 
available  hardware  resources  and  the  protocols  they  rely  on  for  communicating  with  the 
servers.  The  expected  performance  also  determines  the  resources  needed  by  the  servers 
and  network  infrastructure  to  handle  the  required  communications  bandwidth.  Several 
variants  of  thin-client  technologies  include  truly  thin-client  or  zero-client,  which  is  akin 
to  the  terminal  concept  where  all  the  processing  except  the  Graphical  User  Interface 
(GUI)  is  done  by  the  server. 

B.  THIN-CLIENT  AND  SERVER  TECHNOLOGY  EVOLUTION 

It  is  important  to  understand  the  thin-client  technology  evolution  as  it  provides 
essential  lessons  learned  that  help  in  designing  future  enterprise  networks.  The  following 
is  a  short  overview  of  the  general  three  informal  generations  of  thin-client  and 
corresponding  server  technologies.  The  term  ‘generation’  here  means  a  generalized 
grouping  over  a  time  period  in  which  the  particular  thin-client  and  server  technology  is 
the  predominant  solution.  Note  that  the  term  ‘thin-client’  post-dates  the  terminal  days. 
In  a  sense,  the  so-called  “dumb  terminals”  were  actually  an  early  version  of  thin  clients, 
which  were  used  to  interface  with  mainframe  computers  by  sending  keystrokes  and 
receiving  the  character-based  output  display.  In  the  1980s,  the  PC  revolution  started, 
which  shifted  much  of  the  processing  load  to  the  desktop  computer. 

1.  First  Generation 

The  first  generation  of  thin-client  computers  was  a  terminal-like  computer.  The 
servers  performed  the  bulk  of  the  processing  duties,  and  consisted  of  the  following  three 
varieties: 


a.  Basic  Terminal-A  variant  thin  client  that  was  limited  to  a  text- 
based  display  and  keyboard  input  similar  to  the  ‘dumb  terminals’ 
of  the  mainframe  computers.  The  basic  terminal  used  the 
Microsoft  Terminal  Services  protocols  to  access  the  server  hosted 
applications  (Esposito  and  Slack,  2009). 

b.  Browser  Terminal-A  variant  thin  client  that  added  a  local 
Windows-like  GUI,  which  resembled  the  desktop  application  GUI, 
but  suffered  from  delayed  reaction  and  webpage  refresh.  The 
Browser  Terminal  also  supported  the  text-based  command  line 
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along  with  the  browser  software  to  access  the  server  hosted 
applications  (Esposito  and  Slack,  2009). 
c.  Line-of-Business  (LOB)  Terminal-A  variant  thin  client  that 
provided  support  for  only  a  limited  locally  executed  application. 
While  the  local  application  included  a  full  GUI  capability,  the 
LOB  terminal  could  not  run  any  application,  and  still  relied  on 
much  of  the  processing  load  to  be  handled  by  the  server  (Esposito 
and  Slack,  2009). 

In  comparison  with  the  conventional  desktop  PC,  the  first-generation  thin  clients 
offered  the  IT  personnel  who  managed  the  organization’s  enterprise  network  greater  user 
desktop  control  and  security  over  their  configuration  and  access.  However,  the  loss  of 
control  by  the  end-user  was  not  appreciated  and  contributed  to  an  increase  in  user 
complaints. 

The  first  generation  of  thin-client  computers  generally  used  low-power,  low- 

capability  processors,  which  cost  less  than  the  conventional  desktop  PCs.  The  thin-client 

had  a  small  amount  of  Random  Access  Memory  (RAM)  and  used  a  firmware-embedded 

operating  system  (OS),  such  as  Microsoft  Windows  CE,  Windows  XPe,  or  an  embedded 

variant  of  the  Linux  OS  for  communication.  To  communicate  with  the  servers,  the  thin 

client  used  a  set  of  protocols  such  as  the  Microsoft  Terminal  Services  (MTS),  Citrix 

Presentation  Server  (CPS),  or  X-Windows  Display  Manager  Control  Protocol  (XDMCP) 

(Mui  and  Pearce,  1992).  The  thin-client  user  could  then  run  shared  multiuser 

applications  connected  to  the  application  servers  from  within  the  thin-client  GUI.  Using 

the  first  generation  of  thin-client  capabilities,  either  the  individual  applications  could  be 

published  or  an  entire  desktop  could  be  published  by  the  server  to  the  thin-client  device. 

Client  Access  Licenses  (CAL)  and  any  applicable  user  licenses  for  server  applications 

increased  the  software  cost  in  addition  to  the  core  server  OS  licensing  fees.  It  can  be 

argued  that  the  total  cost  of  ownership  (TCO)  for  those  first-generation  thin  clients  was 

actually  reduced  compared  to  the  conventional  PC  setup  with  the  additional  licensing 

fees.  On  the  other  hand,  the  TCO  must  also  take  into  account  the  costs  associated  with 

size,  weight,  and  power  (SWaP).  Finally,  a  critical  problem  with  the  first-generation 

thin-client  technology  was  that  all  the  users  operated  from  one  instance  of  the  server  OS. 

This  shared  use  of  the  OS  meant  that  if  one  user  managed  to  lock  up  or  crash  the  OS,  all 

of  the  other  users  would  stop  operating  until  the  effected  OS  was  rebooted  (Esposito  and 
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Slack,  2009).  From  both  a  performance  perspective  and  the  cost  of  productivity 
downtime,  the  first-generation  thin-client  technology  had  to  improve  in  order  to  become  a 
viable  solution. 

2.  Second  Generation 

Improving  on  the  first  generation  of  thin-client  technology,  the  second  generation 
aimed  to  satisfy  the  user  needs  while  still  satisfying  the  IT  department’s  hardware 
centralization  goal.  At  first,  the  solution  was  to  create  massive  server  farms  with  low- 
cost,  rack-mounted  commodity  servers  and  load  balancing  software,  which  reduced  the 
impact  of  OS  crashes.  The  server  farm  model  was  then  improved  by  employing  server 
blade  computers,  which  are  fully-fledged  computers  that  are  integrated  on  a  single  board 
with  circuit-based  Input/Output  (I/O)  connectors  plugged  into  a  bus  in  a  chassis.  The 
difference  between  a  blade  computer  and  a  single  board  computer  (SBC)  is  that  the  SBC 
does  not  include  peripheral  I/O  devices  on  the  board  such  as  a  hard-drive,  and  therefore 
requires  external  cables.  A  blade  computer  is  a  stripped  down  server  computer  with  a 
modular  design  optimized  to  minimize  the  use  of  physical  space  and  energy.  At  the  same 
time,  the  thin  client  became  a  commodity  hardware  item  with  lower  cost  and  higher 
performance,  which  stressed  the  demands  for  network  bandwidth  using  the  same 
protocols  as  the  first  generation  of  thin  clients.  Unlike  in  the  case  of  the  first  generation 
of  thin  clients,  the  user  had  a  dedicated  instance  of  his  familiar  Windows  OS  or  Linux 
OS,  which  preserved  the  user’s  expected  PC  desktop  experience.  The  second  generation 
eliminated  the  situation  where  one  user  could  take  down  the  others  in  the  case  of  an  OS 
lockup  or  crash.  While  it  can  be  argued  that  the  TCO  for  a  second-generation  setup  of 
thin-clients  and  blade  servers  costs  somewhat  less  than  does  the  traditional  standard  PC, 
it  is  less  than  ideal  relative  to  the  high  cost  of  individual  blade  computers  and  their 
enclosure  chassis.  Another  major  cost  contributor  to  the  TCO  of  the  second-generation 
thin-client  solution  is  the  continued  requirement  for  desktop  licenses  (Windows  or  Linux) 
and  for  blade  computer  communication  software  for  each  user  (Esposito  and  Slack, 
2009). 
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3. 


Third  Generation 


The  current  third  generation  of  thin-client  technology  aims  to  reduce  the  TCO 
through  lower  size,  weight,  and  power  (SWaP)  of  the  first  generation,  while  satisfying  the 
same  user  and  IT  department’s  satisfaction  goals  of  the  second  generation.  To  achieve  a 
lower  SWaP,  the  number  of  second-generation  blade  computers  is  being  reduced  through 
the  implementation  of  virtual  machine  software.  A  virtual  machine  is  not  a  new  concept, 
but  it  has  been  improved  through  a  new  implementation  that  uses  a  Hypervisor,  which  is 
a  modified  OS  that  acts  as  a  host  for  the  additional  virtual  machines.  Unlike  the  past 
virtualization  technique  of  emulating  the  hardware  in  software,  which  suffered  a 
performance  hit,  the  Hypervisor  solution  merely  acts  as  a  resource  allocator  and 
scheduler  for  the  hosted  virtual  machines  that  run  directly  on  the  hardware  without  any 
emulation.  Although  the  Hypervisor  solution  requires  addition  resources,  especially 
RAM  to  maintain  performance,  the  lower  commodity  cost  of  higher  density  RAM  makes 
virtualization  a  viable  solution.  There  are  three  major  virtualization  solutions  that  meet 
enterprise  network  requirements:  VMware  server,  Citrix’s  XEN,  and  the  Linux  based 
Kernel  Virtual  Machine  (KVM).  At  the  thin-client  side,  the  latest  Pano  Logic  and  Sun 
Microsystems’  SunRay  2FS  thin-client  technology  use  stateless  devices,  which  means 
that  the  user  session  is  running  entirely  on  the  server  independent  of  the  thin  client,  which 
is  often  referred  to  as  truly  thin-client  or  a  “zero”  thin-client  (Esposito  and  Slack,  2009). 
There  is  no  local  storage  device  within  the  zero  thin  clients,  and  no  processing  takes  place 
locally  which  enhances  the  Information  Assurance  (IA)  posture  of  the  enterprise  network 
(meaning  not  exposing  the  thin-client  to  viruses,  worms,  malware,  key-stroke  loggers, 
etc.).  Another  IA  advantage  of  not  storing  any  data  in  the  zero  thin  clients  is  that  the 
same  zero  thin-client  devices  can  be  used  for  accessing  multi-classification  data  and 
multi-compartmented  networks  by  assuring  there  are  no  remnants  of  one  session  that  can 
transgress  to  another. 

C.  CHAPTER  SUMMARY 

In  this  chapter,  the  theory  of  centralized  servers  and  thin-client  computing  is 
introduced  and  described  for  the  purpose  of  establishing  a  common  understanding  of  how 
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the  thin-client  technology  impacts  the  operations  of  an  enterprise  network.  The  chapter 
starts  with  a  definition  for  client-server  computing  over  a  network  using  sockets  and  the 
IP  protocol.  A  historical  review  of  the  thin-client  and  server  advancements  is  provided  as 
a  means  to  gain  understanding  of  the  types  of  issues  that  came  up  and  the  lessons  learned. 
The  issues  provide  the  starting  point  for  the  identification  of  the  key  factors  that  impact 
the  operational  capability  of  an  enterprise  network,  which  leads  into  the  discussion  on 
key  architecture  evaluation  factors  in  Chapter  III. 
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III.  KEY  ARCHITECTURE  EVALUATION  FACTORS 


This  chapter  provides  an  overview  of  the  key  architecture  factors  that  are  required 
to  successfully  operate  ONE-NET.  The  enterprise  network  operations  complexities  are 
described,  which  help  in  identifying  the  technology  and  labor  cost  factors  due  to  the  skill 
level  and  labor  hours  needed  for  a  successful  implementation.  A  detailed  discussion  is 
provided  on  each  of  the  contributing  factors  for:  Infrastructure  and  Network  Services, 
Software  Delivery  and  Management,  Information  Assurance,  and  Service  Level 
Performance.  Closing  this  chapter  is  a  summary  that  includes  a  statement  about  the 
feasibility  of  the  proposed  thin-client  solution. 

A.  OVERVIEW 

Chapter  II  describes  the  technology  aspects  of  the  selected  thin-client  and  server 
implementations  over  time  and  the  general  impact  each  generation  had  on  the  operations 
of  an  enterprise  network.  This  chapter  answers  the  first  detailed  question:  Will 
replacement  of  the  current  thick-client  desktops  with  thin-client  desktops  meet  the 
operational  requirements  of  ONE-NET? 

In  this  chapter,  the  key  factors  that  impact  the  enterprise  network  operation  are 
evaluated  to  provide  the  basis  for  the  following  chapter’s  specific  TCO  analysis  of 
alternatives.  This  chapter  identifies  four  main  categories  of  general  enterprise  network 
technology  implementation  disciplines:  Infrastructure  and  Network  Services,  Software 
Deliver  and  Management,  Information  Assurance,  and  Service  Level  Performance. 
These  categories  cover  the  majority  of  the  associated  technology  requirements  for 
implementing  and  sustaining  an  enterprise  network,  and  therefore  have  the  greatest 
impact  on  the  TCO. 

B.  INFRASTRUCTURE  AND  NETWORK  SERVICES 

At  the  highest  level,  an  enterprise  network  consists  of  major  facilities  such  as  data 
centers  and  network  infrastructure  resources  that  connect  the  data  centers  with  end-users. 
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In  many  cases,  the  network  connectivity  is  achieved  through  lines  that  are  leased  from  a 
third  party  or  via  satellite  links  when  physical  lines  are  not  available  (as  in  the  case  of 
some  U.S.  Navy  OCONUS). 

1.  Footprint  and  Facilities 

Deploying  a  thin-client  based  architecture  relies  heavily  on  shifting  the  computer 
processing  power  to  the  data  center.  Power,  space  and  cooling  constraints  are  the  key 
factors  that  have  a  significant  impact  on  the  viability  of  the  data  center  implementation. 
The  BLII  ONE-NET  infrastructure  installation  commenced  in  fiscal  year  2001  and 
concluded  in  early  fiscal  year  2004.  Over  this  period,  progress  was  made  in 
incorporating  the  installation  of  the  outside  plant  cabling  (OSP),  inside  plant  cabling 
(ISP),  and  data  centers,  including  server  farms,  enterprise  management  systems,  and 
information  assurance  (IA)  suites  (SSC  PAC,  2010a). 

During  the  second  quarter  of  fiscal  year  2004,  the  server  farms  at  each  data  center 
throughout  the  ONE-NET  enterprise  network  were  enhanced  to  provide  more  processing 
power  and  larger  storage  space  to  meet  the  growing  fleet  operational  requirements.  In 
January  2005,  the  desktop  refresh  and  user  migration  effort  had  moved  all  the  customers 
to  the  upgraded  ONE-NET  infrastructure.  As  of  today,  ONE-NET  provides  IT  and 
critical  telecommunications  support  services  to  approximately  33,000  workforce  of  Navy 
uniformed  and  civilian  members  across  the  14  sites  within  Europe,  Far  East,  and  the 
island  nation  of  Bahrain.  The  desired  end  state  of  ONE-NET  is  to  deliver  the  enterprise 
network  capabilities  required  for  effective  Command  and  Control  (C2)  of  all  the 
warfighter  and  business  missions  carried  out  by  the  U.S.  Navy  overseas  commands.  The 
goal  is  to  sustain  and  normalize  day-to-day  operations  and  maintenance  across  all  ONE- 
NET  sites,  while  replacing  all  the  legacy  networks  in  alignment  with  the  DON  CIO 
vision  for  the  future  NGEN  capabilities  and  integration  (SSC  PAC,  2010a). 

The  data  center  solution  for  the  TNOSC  and  LNSC  is  built  upon  several  server 
building  blocks  for  data  processing  and  storage  as  shown  in  Figure  2. 
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Figure  2.  TNOSC  and  LNSC  Unclassified  Server  Farm  Layout  (From  CSC,  2009) 

Under  the  current  lifecycle  upgrade,  the  number  of  servers  and  storage  devices  at 
each  data  center  located  in  the  TNOSCs  and  LNSCs  will  be  reduced  by  more  than  50%, 
which  is  a  key  factor  in  lowering  hardware  costs  as  well  as  heating,  ventilation,  &  air 
conditioning  (HVAC)  costs.  A  total  of  320  physical  devices  will  be  virtualized  at  the 
data  centers  throughout  the  fourteen  TNOSC  and  LNSC  sites.  The  new  servers,  storage, 
and  backup  devices  will  be  installed  using  existing  power,  HYAC  infrastructure.  The 
server  farm  refresh  solution  replaces  Dell  PowerEdge  2650,  2850  and  2950  models  with 
Dell’s  latest  11th  generation  hardware.  The  required  servers  are  limited  to  two  models, 
the  R610  and  the  R710.  The  R6 10  is  a  1  rack-unit  (RU)  server  that  supports  up  to  two 
64-bit  capable  quad-core  Xeon  5500  processors  and  96GB  of  RAM.  A  RU  is  a  standard 
measuring  unit  for  IT  racks  where  1  RU  is  equal  to  1.75"  (4.45  cm)  in  height,  and  the 
significance  of  this  measurement  unit  has  to  do  with  how  densely  a  standard  rack  can  be 
populated.  These  servers  will  be  used  for  non-virtualized  services  such  as  domain 
controllers.  The  R7 10  is  a  2  RU  server  that  has  been  designed  with  hardware  support  for 
virtualization.  The  R710  has  125%  more  memory  and  more  integrated  I/O  than  the 
previous  generation  servers,  and  includes  the  embedded  Hypervisor  technology,  all  in  an 
energy  efficient,  low  profile  design.  These  servers  support  up  to  two  64-bit  capable 
quad-core  Xeon  5500  processors  and  144GB  of  RAM  making  them  optimal  for 
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virtualization  environments.  The  importance  of  this  data  is  primarily  to  show  that  the 
current  lifecycle  upgrade  investment  can  be  reused  to  support  the  proposed  deployment 
of  thin-clients.  The  Dell  EqualLogic  PS  Series  will  be  used  for  the  storage  area  network 
(SAN).  The  SAN  creates  a  virtualized  Internet  Small  Computer  System  Interface  (iSCSI) 
SAN  that  is  capable  of  supporting  a  mix  of  drive  speeds  and  capacity  within  the  same 
peer  group  and  work  together  to  automatically  manage  data,  load  balance  across 
resources,  and  expand  to  meet  growing  storage  needs.  The  PS  Series  arrays  can  be  easily 
added  to  the  existing  EqualLogic  storage  infrastructure  as  modular  building  blocks  for  a 
future  SAN  expansion  (CSC,  2009). 

The  logical  architecture  for  a  TNOSC  data  center  is  shown  in  Figure  3  as  a 
visualization  aid  in  understanding  how  the  specific  hardware  used  for  the  TCO 
calculations  is  integrated. 

The  top  of  Figure  3  shows  the  new  10  gigabit  per  second  Ethernet  (10GB)  that 
provides  the  large  bandwidth  connection  to  the  Virtualization  Servers  that  the  thin-clients 
access  via  the  Virtual  Switch  Network.  The  applications  in  the  five  lower  blue  ovals  and 
the  one  gigabit  per  second  Ethernet  (1GB)  are  the  existing  core  services  that  are 
connected  to  the  new  Virtualization  Servers  via  a  redundant  set  of  Cisco  Nexus  switches. 
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Figure  3.  High-Level  TNOSC  Data  Center  Infrastructures  (From  CSC,  2009) 


To  extend  the  server  farm  refresh’s  core  virtualization  infrastructure  to  support 
the  proposed  thin-client  solution,  each  TNOSC  and  LNSC  will  need  to  be  able  to  grow 
through  adding  building  blocks  with  additional  servers  and  SAN  disk  arrays.  Figure  4 
shows  an  example  building  block  that  supports  1,000  virtual  machine  desktops.  As 
shown  in  Figure  4,  the  building  block  consists  of  a  layered  implementation  on  top  of  the 
physical  hardware  using  a  VMware  VCenter  Server  that  supports  two  clustered  hosts  and 
shared  storage. 
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Figure  4. 
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VMware®  Building  Block  for  1000  Virtual  Desktop  Users  (From  VMware, 

2010) 


Desktop  virtual  machines  for  end  users  do  not  require  as  much  disk  space  and 
processing  resources.  The  amount  of  system  disk  space  required  depends  on  the  number 
of  applications  required  in  the  base  desktop  image,  where  a  typical  applications  suite 
includes  Microsoft®  Word®,  Excel®,  PowerPoint®,  Adobe  Reader®,  Internet 
Explorer®,  McAfee®  Antivirus,  and  PKZIP.  The  amount  of  disk  space  required  for  user 
data  depends  on  the  role  of  the  end  user  and  organizational  policies  for  data  storage. 
Although  support  for  the  thin-client  capability  requires  additional  virtual  servers  and 
SAN  capacity,  these  additional  resources  will  have  minimal  impact  on  the  existing 
power,  cooling,  and  available  space. 

2.  Networking  Resources 

Thin-client  architecture  relies  on  a  reliable  distributed  network-computing 
infrastructure,  where  operation  can  be  severely  impacted  by  an  inability  to  connect  to  the 
central  server  resources.  Both  latency  (the  time  it  takes  a  data  packet  to  travel  from  the 
source  sending  it  to  the  destination  receiving  it  via  the  network)  and  bandwidth  (the 
amount  of  data  that  can  travel  over  the  network  within  a  given  period  of  time)  are 
important  factors.  In  the  proposed  thin-client  computing  scenario,  the  remote  servers 
generate  everything  a  user  sees  on  their  screen.  High  latency  has  a  serious  impact  on  the 
perceived  response  of  the  system,  while  low  bandwidth  affects  the  time  it  takes  to  get 
large  chunks  of  data  like  bitmaps  to  the  user’s  screen.  Additionally,  if  transport 
encryption  protocols  are  being  used,  the  latency  will  be  increased  even  further. 
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Therefore,  the  user  experience  depends  very  much  on  the  network  infrastructure 
resources’  ability  to  provide  sufficient  bandwidth.  It  is  important  to  note  that  while  the 
satellite  data  links  have  limited  bandwidth,  the  critical  links  for  supporting  the  thin-client 
solution  between  the  local  data  centers  and  their  users  are  not  over  satellite  links. 
Therefore,  the  main  resourcing  cost  involves  the  switching  and  routing  devices  in  the  data 
center. 

The  current  server  farm  refresh  uses  Cisco  Nexus  5010  and  Nexus  2148T 
switches  to  provide  ONE-NET  with  auto-negotiating  10/100/1000/10000  mega  bits  per 
second  (Mbps)  throughput  capabilities  and  an  unified  low-latency  network  fabric  (CSC, 
2009).  In  addition,  the  Cisco  Nexus  1000V  virtual  switches  are  installed  inside  the 
virtual  server  environments  to  provide  a  direct  extension  of  the  Nexus  networking 
capabilities  to  the  virtual  machine  level.  These  software  switches  operate  inside  the 
VMware  virtual  environment  and  provide  a  direct  extension  of  the  network  fabric.  To 
separate  network  traffic  for  performance  and  security,  six  separate  Virtual  LAN  (VLAN) 
networks  are  created  as  shown  in  Figure  5.  Figure  5  shows  the  notional  view  of  the  same 
data  center  architecture  described  in  Figure  3,  but  from  the  VLANs’  overlay  perspective. 
The  overlaid  VLANs  are  described  in  Figure  5  by  the  blue  clouds  below  the  Internet 
cloud.  Each  of  the  VLANs  is  served  by  a  combination  of  network  data  traffic  from  the 
Windows  core  servers,  virtual  servers,  backup,  and  data  storage.  Expanding  VLAN 
capacity  in  the  future  is  done  through  the  configuration  of  the  Cisco’s  virtual  switch 
technology. 


19 


Figure  5.  Networking  Server  Farm  with  Six  VLANs  (From  CSC,  2009) 

To  optimize  network  performance,  the  network  infrastructure  will  take  advantage 
of  application-validated  protocol-specific  acceleration  technology.  The  Cisco  Wide  Area 
Application  Services  (WAAS)  provides  application-specific  acceleration  features  for  both 
encrypted  and  non-encrypted  applications.  This  technology  can  improve  network 
performance  over  the  WAN  and  reduce  the  effects  of  latency  and  bandwidth  utilization, 
which  provides  a  user  experience  similar  to  using  a  desktop  PC.  This  is  done  through 
protocol  acceleration,  read-ahead,  operation  batching,  multiplexing,  and  safe  caching. 
Applications  include  Microsoft  file  services  (Common  Internet  File  System  [CIFS])  and 
Microsoft  Exchange  (Messaging  Application  Programming  Interface  Remote  Procedure 
Call  [MAPI-RPC]),  plus  numerous  other  application  protocols.  The  Cisco  WAAS 
Replication  Accelerator  mode  is  optimized  for  WAN  links  from  20  Mbps  up  to  OC-12 
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(622  Mbps)  and  a  latency  greater  than  20  milliseconds.  In  addition  to  new  core  switches, 
the  WAAS  accelerators  can  optimize  the  current  ONE-NET  WAN  bandwidth.  However, 
in  the  event  that  ONE-NET  significantly  increases  the  bandwidth  in  the  future,  it  is  likely 
that  the  WAAS  devices  will  need  to  be  upgraded  or  replaced  to  support  the  additional 
load. 

C.  SOFTWARE  DELIVERY  AND  MANAGEMENT 

Installing  and  managing  software  on  a  PC  is  relatively  simple  when  handling  only 
a  small  number  of  PCs,  but  the  problem  becomes  a  lot  more  challenging  when  dealing 
with  tens  of  thousands  of  computers  or  more.  It  is  challenging  because,  on  one  hand,  the 
enterprise  level  organization  cannot  afford  to  let  each  user  manage  his  or  her  own  PC 
because  of  licensing  constraints  and  security  concerns,  and  on  the  other  hand,  centralized 
delivery  and  management  adds  additional  complexity  and  costs.  The  current  ONE-NET 
refresh  plan  is  intended  to  continue  to  support  PC  devices  for  each  user  and.  as  of  March 
2009,  over  6400  PC  refresh  seats  have  been  completed  on  nine  of  the  fourteen  sites  (SSC 
PAC,  2010b).  Although  deploying  the  proposed  the  thin-client  solution  requires  that  the 
data  centers  be  upgraded  first,  the  current  plan  calls  for  the  completion  of  the  data  centers 
refresh  by  the  second  quarter  of  fiscal  year  2012  (SSC  PAC,  2010c).  According  to  the 
ONE-NET  plan  for  completing  the  PC  deployment  and  the  PC  refresh  cycle,  there  will  be 
sufficient  time  to  deploy  the  thin-client  solution  after  the  data  center  refresh  completion 
date. 


1.  Baseline  Configuration  Management 

Currently,  desktop  delivery  on  ONE-NET  is  done  primarily  with  thick-client  PCs 
at  the  user  end  and  servers  at  the  data  center  using  the  client-server  architecture.  ONE- 
NET  provides  a  common  desktop  software  configuration  that  includes  all  the  Approved 
Product  List  (APL)  applications,  in  what  is  known  as  the  Workstation  Baseline  Software 
Configuration  (WBSC),  to  each  PC  in  the  enterprise.  The  APL  of  desktop  applications, 
operating  system  patches,  application  software  updates,  and  hot-fixes  for  Information 
Assurance  Vulnerability  Alerts  (IAVA)  make  up  the  ONE-NET  baseline  desktop  PC 
software  configuration.  The  baseline  PC  hardware  configuration  is  Dell  computer- 
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specific,  where  the  WBSC  baseline  build  can  be  applied  to  any  Dell  model  that  is 
supported  by  Dell  X-Image  technology.  The  intent  is  to  have  a  single  standardized 
baseline  for  all  the  Dell  PCs,  notebooks  and  tablets  throughout  ONE-NET.  The  WBSC 
image  build  solution  is  intended  for  use  by  all  ONE-NET  users  and  administrators  when 
reimaging  existing  PCs,  or  when  applying  to  new  PCs,  and  it  applies  to  both  the 
classified  and  unclassified  network  domains.  The  current  WBSC  image  build  version  is 
118,  which  is  based  on  Windows  XP  Service  Pack  2  and  incorporates  all  baseline 
updates,  security  settings,  enterprise  configurations,  legacy  compatibility,  and  functional 
updates.  This  build  is  compatible  with  all  desktop  platforms  going  back  at  least  five 
years.  Table  1  lists  the  software  components  required  to  design  and  build  the  initial 
WBSC  image.  The  software  components  are  the  Dell  X-Image,  PowerQuest  and  the 
VMware.  The  Dell  X-Image  is  used  to  incorporate  multiple  Dell  PC  platforms’  drivers 
into  the  image.  The  PowerQuest  is  used  to  create  a  bootable  optical  disk  format  after 
completion  of  the  image.  The  VMware  is  used  to  create  a  virtual  image  from  the  initial 
image  build  (Lelfwitch,  2009). 

Table  1.  Required  Software  Components  to  Create  WBSC  Image  (From  Lelfwitch,  2009) 


Software 

Application 

Developer 

Version 

Descrip  tion/F  unction 

X-Image 

Dell 

3.01 

Incorporates  drivers  for  multiple  platforms  into 
the  image 

PowerQuest 

Symantec 

5.51 

Utilized  in  creation  of  bootable  DVD  set 

VMware 

VMware 

6.5 

Build  environment 

2.  Image  Build  Process  and  Administration 

An  overall  view  of  the  process  for  building  a  new  WBSC  image  baseline  is  shown 
in  Figure  6.  This  is  a  continuous  process  of  modifying  previous  images  with  a  strategy 
around  baseline  configuration  management.  Due  to  the  many  different  security 
modifications  and  vulnerability  patches,  ONE-NET  uses  the  Windows  Patch 
Management  System  (WPMS)  to  periodically  apply  the  PCs  through  Tivoli  Enterprise 
Management  System  (EMS).  The  current  WBSC  version  118  Image  Build  also  supports 
virtual  machine  (VM)  workstation  and  the  following  platforms. 
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•  Desktops:  OptiplexGX270,  OptiplexGX280,  OptiplexGX620, 

Optiplex740,  Optiplex745,  Optiplex755,  Optiplex760. 

•  Notebooks/Tablet:  Latitude  D400,  Latitude  D410,  Latitude  D420,  Latitude 
D430,  Latitude  D600,  Latitude  D610,  Latitude  D620,  Latitude  D630, 
Latitude  E6400,  InMotionLE1600  (Tablet),  Latitude  XT  (Tablet) 
(Lelfwitch,  2009). 


Figure  6.  WBSC1 18  Image  Build  Architecture  (From  Lelfwitch,  2009) 


The  image  build  process  includes  inputs  from  update  packs  (UP),  which  is  done  in 
parallel  with  ONE-NET  EMS,  and  pushes  the  software  updates  to  PCs  in  order  to 
maintain  a  stable  baseline  that  is  consistent  with  previous  versions  of  the  WBSC  image. 
Both  update  packs  and  Tivoli  patch  management  pushes  to  PCs  contain  the  necessary 
security  and  functional  updates  from  the  monthly  Microsoft  patch  releases  in  response  to 
the  Joint  Task  Force-Global  Network  Operations  (JTF-GNO)  Information  Assurance 
Vulnerability  Management  (IAVM)  notifications.  IAVM  compliance  is  required  in  order 

to  maintain  a  secure  WBSC  ONE-NET  baseline  build.  The  build  also  contains  driver  cab 
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files  for  all  desktop  and  laptop  systems,  including  both  current  and  legacy  support  for  at 
least  five  years  (Lelfwitch,  2009).  While  Figure  6  described  the  specific  WBSC  Image 
118  build  process,  there  are  three  possible  update  processes  for  building  a  WBSC  image 
118,  as  shown  by  the  three  progression  bars  of  Figure  7  (Figure  6  is  represented  by  the 
middle  progression  bar).  The  top  progression  bar  shows  a  WBSC  image  118  build  from  a 
WBSC  image  version  117  with  XP  Service  Pack  2  build  and  additions  of  update  packs. 
The  update  packs  include  UP1 17A,  UP1 17B,  UP1 17C  and  UP1 18.  Within  these  update 
packs  are  the  Microsoft  security  patches,  third-party  application  updates  and  IAVA 
updates.  The  bottom  progression  bar  shows  a  WBSC  image  118  that  started  with  an 
older  version  of  WBSC  images  115  or  1 16  or  117,  and  all  required  accumulative  updates 
that  can  be  delivered  by  using  the  Tivoli  Enterprise  Management  Service  (EMS). 


WBSC  Image  117 


UP118 


WBSC  Image  118* 

*minor  improvements  not  part  of  Update  Pack/Tivoli  baseline  (see  Tuning  section  of  401  document) 


WBSC  Image  115 

OR 

WBSC  Image  116  Tivoli  Updates  from  Network 

OR 

WBSC  Image  117 


Figure  7.  Optional  WBSC  Baseline  Image  Build  Progressions  (From  Lelfwitch,  2009) 

3.  Application  Management  and  Licensing 

In  order  to  calculate  the  TCO  impact  of  application  management  and  licensing, 
the  WBSC  baseline  image  is  identified,  which  includes  the  Windows  Operating  System 
(OS)  and  main  components,  Microsoft  Office  Professional  2003  Service  Pack  2,  file 
viewer  applications,  multi-media  player  applications,  utility  applications,  security 
applications,  enterprise  management  client  and  miscellaneous  applications  as  shown  in 
the  multi  sectional  Table  2.  Some  applications  have  free  software  licenses  and  some 
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applications  require  paid  licenses.  The  license  information  in  Table  2  shows  how  the 
licenses  are  applied  to  the  WBSC.  The  licenses  for  Windows  OS  components  and 
Windows  Microsoft  Office  Professional  Suit  are  covered  by  the  ONE-NET  Microsoft 
enterprise  license  agreement  contract.  The  3-year  PC  refresh  takes  into  account  that  these 
Microsoft  licenses  are  paid  for  once  per  refresh. 

Table  2.  Baseline  Applications  on  WBSC  Image  Build  (SSC  PAC,  2009a) 


Baseline  Operating  System  and  OS  Main  Components 


!  Manufacturer 

Add li cation  Name 

Version 

Build  i1  Version 

Licence  Info 

Microsoft 

Windows  XP  Professional 

5.1.2600 

(5P2) 

2600.>pxp.D50622-34S2:  SP2 

Part  of  OS 

Internet  Explorer 

6 

6.0.2900.21 30.xpsp sp2 ;gdr.06D8 14-1 233 

Part  of  OS 

Outlook  Express 

6 

6.00.29DD.2 1 3  D.  (xps  p sp2 rtm.  04060  3-2 1 58 

Part  of  OS 

Windows  Messenger 

4.7 

4.7.0.3001 

Part  of  OS 

DirectX 

9.0C 

6.5.2600.3367 

Part  of  OS 

Windows  Media  Player 

10 

10.00.00.4056 

Part  of  OS 

MDAC 

2.3  SP-1 

2.61.1117.6 

Part  of  OS 

Java  Virtual  Machine  (MS JVM) 

5 

5.00.3610.0 

Disabled,  replaced  by 
Sun  Java 

.Net  Franrework 

1.1 

1.1.4322.573 

Part  of  OS 

.Net  Framework 

20 

2.0.50727.842 

Part  of  OS 

Remote  Desktop  Client  Update 

52 

5.2.3790.0 

Part  of  OS 

OWA  S/Mime  Control 

6.5 

v6 .5.7226.0 

Part  of  OS 

MS  XML  Parser 

1.DSP1 

4.72.3110.0 

Part  of  OS  ! 

MS  XML  Parser 

2.6  SP3 

3.30.9529.0 

Part  of  OS 

MS  XML  Parser 

3.0  SP& 

8.90.1101.0 

Part  of  OS 

MS  XML  Parser 

4.0  SP2 

4.20.987D.0 

Part  of  OS 

MS  XML  Parser 

5.0 

5.20.1067.0 

Part  of  OS 

MS  XML  Parser 

6.0  SP2 

6.20.1099.0 

Part  of  OS 

MS  Language  IME  for  Japanese. 
Chinese  and  Korean 

2002a 

IME  2002 

Part  of  OS 

Microsoft  Office  Professional  2003  (Service  Pack  2} 


Manufacture 

ADDlication 

Version 

Build  f  Version 

Licence  Info 

Microsoft 

Access  2003 

2D03 

{1 16166.8221}  5P3 

ONE-NET  Enterpnse 
Licence 

Excel  2003 

2D03 

{1 16231.8221)  SP3 

ONE-NET  Enterpnse 
Licence 

InfoPath  2DQ3 

2DQ3 

{1 16165.8221)  SP3 

ONE-NET  Enterpri  se 
License 

Outlook  2003 

2D03 

(11 6217.8221  )SP3 

ONE-NET  Enterprise 
License 

PowerPoint  2003 

2D03 

(11 62126221  )SP3 

ONE-NET  Enterprise 
License 

Publisher  2DD3 

2D03 

(11 6212.8221  )SP3 

ONE-NET  Enterprise 
License 

Word  2003 

2DQ3 

(11 62276221  )SP3 

ONE-NET  Enterprise 
License 

MS  Office  2007  File  Converters 

2DQ3 

1 2.D.6320.5D00 

ONE-NET  Enterprise 
License 
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Wise  Applications 


Manufacture 

Application 

Version 

Build/ Version 

License  Info 

DB  Web  Sign 

DB  WebSip  Browser  Plug-In 
IForDTS) 

2.3 

2.3.1.12 

Free 

Sun  Java 

Sun  Java  Runtime  Env  (JRE) 

1.6x 

vl .6.0 D7-bD6 

Free 

SOCOM 

Install  SO  COM's  Outlook  Email 

Classification  Add-En 

2jc 

v2.2 

free  GOTS  app 
designed  by  SOCOM 

Enterprise  Management  Client 


Manufacture 

Application 

Version 

Build  /  Version 

License  Info 

IBM 

Tivoli  Management  Agent  (TMA) 

-  Endpoint  Manager  Client  for 
software  distribution. 

4.  lx 

4.1.138 

ONE-NET  Enterpri  se 
License 

File  Viewer  Applications 


Manufacture 

Application 

Version 

Build  /  Version 

License  Info 

Adobe 

Reader  (Full)  with  Font  packs  for 
Japanese,  Chinese.  Korean  and 
European 

9 

9 

Free 

Autodesk 

Vole  View  Express 

2.01 

311 

Free 

Microsoft 

Visio  Viewer  2003 

11 

11.0.3709.5614 

Free  E 

Windows  Journal  Viewer 

5.1 

2600.xpsp  sp2  gdr.0808 14-1233 

Free 

Utility  Applications 


Manufacture 

Application 

Version 

Build/ Version 

License  Info 

WinZip 

Computing 

Wirczip 

9.0  SR-1 

6224 

One  time  purchase  of 
15.0DD  seats 

Symantec 

AntiVitus  Corporate  Edition 

10.1  x 

1D.1.6.6D10 

DOD  Enterprise  License 

Sonic 

Roxio  Easy  CD  Creator 

5.3.5.17 

AOO 

Licensed  for  each  Dell 

PC 

Multi-Media  Players 


Manufacture 

Application 

Version 

Build  /  Version 

License  Info 

Apple 

QuickTime  Player 

7.55 

7.5.D 

Free 

Adobe 

Macromedia  Shockwave 

Browser  Plug-in 

IQ 

1DL1J0.11 

Free 

Macromedia  Flash  Player 

9 

9.Q.124.D 

Free 

Macromedia  Authorware  Web 
Player 

4.D.0.7D 

Free 

InterVideo 

InterVideo  WmDVD 

4.0 

4.D.  DXVA  B 1 1  .D52C 1 3. 1 D325JOOODD  DQQOO 

Licensed  for  each  Dell 

PC 
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Security  Applications 


Manufacture 

Application 

Version 

Build  r  Version 

License  Info 

DOD 

Root  CA  PKI  Certificates 

3.D6A 

Free 

Tumbleweed 

Desktop  Validator  (ForCLG) 

4.72 

4.72 

SPAWAR  Seat  License 

MS  CAPICOM 

CAPICOM  Module 

2.1  x 

2.1. 0.2 

Free 

ActivCard 

Active  Client  for  CAC  -  PKI 

6.1 

SPAWAR  Seat  License 

Juniper 

Networks 

NetScreen  Remote  VPN  CEient 

0  5 

1D.3.5  build  6 

SPAWAR  Seat  License 

D.  ENTERPRISE  DEPLOYMENT  AND  INFORMATION  ASSURANCE 

ONE-NET  currently  uses  the  Altiris  enterprise  deployment  solution,  which 
provides  an  automated  process  for  collecting  data  and  maintaining  a  configuration 
management  across  each  enclave  for  every  seat  deployment  to  the  latest  approved 
baseline  configuration.  An  enclave  is  a  grouping  of  networked  devices  that  share  similar 
classification  authority  levels.  A  “seat”  is  the  collection  of  resources  required  to  support 
an  individual  user.  Along  with  the  Altiris  enterprise  deployment  solution,  the  PCs  are 
first  placed  on  the  staging  VLAN,  which  offers  a  segregated  area  where  all  the  PCs  can 
reside  until  they  conform  to  the  configuration  and  security  requirements.  Upon 
validation,  the  PCs  can  then  be  deployed  to  the  ONE-NET  enclave.  The  architecture  of 
the  Altiris  enterprise  deployment  system  contains  the  connections  and  interfaces  as 
shown  in  Figure  8  (Martinez,  2010).  Figure  8  shows  the  enterprise  deployment  hierarchy 
where  the  top  level  global  notification  server  (in  red)  is  located  at  SPAWAR  Systems 
Center  Pacific,  San  Diego.  This  server  replicates  security  policies,  image  packages  and 
other  configuration  items  to  the  regional  notification  servers  locating  at  the  TNOSCs  in: 
Yokosuka,  Japan;  Naples,  Italy;  and  the  island  nation  of  Bahrain.  The  regional 
notification  server  at  each  TNOSC  (in  blue)  then  replicates  the  same  data  to  LNSCs  (in 
green)  within  the  region.  At  each  LNSC,  the  local  notification  server  applies  security 
policies,  image  packages  and  configuration  items  to  the  corresponding  end  user  PC 
system.  The  inventory  data  is  reported  to  the  local  notification  servers  using  the 
Symantec  Management  Agent. 
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Figure  8.  Altiris®  Enterprise  Deployment  Architecture  (From  Martinez,  2010) 

The  Altiris  enterprise  deployment  solution  consists  of  the  Symantec  Management 
Platform  version  7.0  SP4,  Deployment  Solution  version  7.1,  SQL,  IIS,  and  Symantec 
Management  Agent  (Martinez,  2010). 

The  ONE-NET’s  enterprise  desktop  imaging  deployment  provides  a  centralized 
deployment  management  that  consists  of  the  following  capabilities: 

•  Standard  jobs,  scripts,  images  and  packages  from  a  central  location. 

•  Automated  replication  of  jobs,  scripts,  images  and  packages. 

•  Centralize  imaging  deployment  and  maintaining  desktop  configuration 
control. 

A  staging  VLAN  provides  a  quarantined  area  for  PC  installation  denoted  by  the 

Workstations  icon  in  the  bottom  left  of  Figure  9.  The  quarantine  is  done  by 

implementing  a  Level- 1  network  transport  architecture  as  shown  in  Figure  9,  using  a 

layer  2  IP  network  VLAN  with  defined  access  control  lists  (ACLs)  to  isolate  the  new  PCs 
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from  the  targeted  ONE-NET  enclave  on  the  right.  The  ACLs  provide  the  PCs  with 
limited  access  to  ONE-NET  resources  that  are  used  to  update  noncompliant  PCs 
(McDaniel  &  Falcone,  2008).  Figure  9  also  shows  the  connectivity  to  ONE-NET’s 
Tivoli  EMS  and  Symantec  resources  via  the  core  distribution  switch,  which  allows  the 
PCs  to  receive  the  latest  patches  and  security  updates.  Connectivity  to  the  existing 
Information  Assurance  (IA)  suite  Retina  server  allows  the  PCs  to  be  validated  for 
security  compliance  before  being  sent  and  installed  in  the  ONE-NET  enclave  (Hanada, 
2009). 


Figure  9.  Staging  VLAN  Architecture  (From  Hanada,  2009) 


The  process  leading  to  the  deployment  of  the  PCs  is  described  in  Figure  10,  where 
the  PCs  go  through  two  major  steps  for  imaging  and  staging.  The  process  starts  with 
imaging  the  PCs  and  takes  about  1.5  hours  to  complete.  After  the  PCs  are  imaged,  the 
first  step  is  completed  with  an  initial  Retina  security  scan  (RSS)  before  placing  the  PCs  in 
the  quarantined  staging  VLAN.  A  second  step  of  seat  to  application  mapping  (STAM) 
process  is  then  applied  to  the  PCs,  where  the  latest  software  patches  are  installed 
(pushed)  on  the  PCs  from  the  Tivoli  EMS.  Completing  the  process  is  a  final  RSS  prior  to 
the  deployment  of  the  validated  PCs  on  the  network. 
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Stand  Alone  Imaging  Network 


Figure  10. 


Post  Imaging  PC  Patching  Process  (From  Graham,  2009) 


The  performance  required  for  this  process  is  as  follows  (Graham,  2009). 

1 .  Baseline  Imaging:  1 .5  hours 

2.  Retina  Scan  on  PC:  10  minutes 

3.  Post  baseline  image  update  Seat  to  App  Mapping  (STAM):  1  hour 

4.  Application  patches  using  Tivoli  Windows  Patch  Management 
System  (WPMS):  1  hour  (maximum) 

a.  The  ability  to  manually  initiate  PC  Inventory  using  WPMS 

b.  The  ability  for  manual  or  automatic  start  of  the  remediation 
(patch)  process  using  WPMS 

c.  Completion  status  notification  of  workstation  remediation 
by  WPMS 

5.  Retina  scan  post  remediation:  10-20  minutes 

The  requirement  timeline  as  defined  above  supports  a  PC  deployment  of  32 
desktop  systems  in  approximately  a  4-hour  period  (Graham,  2009). 
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Similar  to  the  deploying  process,  the  ONE-NET  Tivoli  WPMS  also  provides  a 
capability  for  facilitating  a  rapid  delivery  of  updates  to  non-compliant  PCs  that  includes  a 
robust  reporting  system  for  compliance  statistic.  The  Tivoli  WPMS  lifecycle  begins  on 
the  second  Tuesday  of  every  month  when  Microsoft  posts  its  updated  security  bulletin, 
and  lasts  through  the  rest  of  the  month  until  Microsoft  releases  the  next  security  bulletin 
(Shimoko,  2008a).  The  automated  inventory  system  is  an  integral  part  of  and  a 
mandatory  prerequisite  for  the  WPMS.  Before  WPMS  non-compliant  PCs  and  the 
patches  they  need  are  identified,  an  inventory  scan  is  done  on  the  PCs.  There  are  3 
different  scan  configurations  that  are  utilized  on  ONE-NET:  Initial  Nightly  Scan,  Weekly 
Difference  Scan,  and  Periodic  Full  Scan  (Shimoko,  2008b). 

The  WPMS  process  shown  in  Figure  11  applies  to  both  desktop  PCs  and 
Windows  servers.  The  workflow  process  for  testing,  packaging,  deploying  and  reporting 
monthly  patches  and  updates  covers  26  detailed  steps.  The  top  blue  ovals  in  Figure  1 1 
describe  the  overall  two  parallel  activities,  one  for  the  Microsoft  patch  releases  and  the 
second  for  the  information  assurance  vulnerability  management  (IAVM)  notifications. 
The  workflow  diagram  shows  a  process  for  mapping  the  JTF-GNO  information  assurance 
vulnerability  alerts  (IAVA)  release  number  with  any  applicable  Microsoft  security 
vulnerabilities.  The  applicable  patches  are  then  manually  tested  prior  to  installation  in 
order  to  ensure  the  WBSC  functionality  is  maintained.  After  testing  is  completed,  the 
patches  are  released  to  get  approval  through  the  approval  procedure  prior  packaging  and 
deployment.  The  final  step  completing  the  process  in  Figure  1 1  ends  with  reporting  the 
updated  status  to  the  DoD’s  Vulnerability  Online  Compliant  Report  System  (OCRS)  for 
patch  compliant. 
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Figure  1 1 .  ONE-NET  Windows  Patch  Management  Process  (From  SSC  PAC,  2009b) 
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E.  SERVICE  LEVEL  PERFORMANCE 


Current  ONE-NET  network  infrastructure  and  services  have  demonstrated  the 
ability  to  meet  the  target  service  availability  of  99.5%  based  on  NNWC’s  Service  Level 
Objectives  requirements  (NNWC,  2001).  Based  on  the  review  and  assessment  discussed 
in  Section  B,  the  current  network  latency  and  bandwidth  are  expected  to  support  the  thin- 
client  implementation  using  a  virtual  desktop  delivery  solution  without  impacting  the 
current  Quality  of  Service  (QoS).  The  network  infrastructure  within  the  data  center 
provides  a  robust  high-speed  Local  Area  Network  (LAN)  with  10  gigabits  per  second 
(10GB)  Ethernet  backbone  service  as  the  maximum  utilization  available  to  the  proposed 
thin-client  solution.  The  thin  clients  can  use  the  existing  networking  infrastructure  to 
implement  the  PC  over  IP  (PCoIP)  display  protocol  from  VMware,  which  provides  an 
optimal  display  performance  across  LANs  and  WANs.  The  PCoIP  is  the  default  protocol 
in  the  Windows  or  Linux  software  that  connects  servers  through  View  Manager  to  their 
thin-client  devices.  The  PCoIP  also  supports  productivity  applications  like  Microsoft 
Office  and  rich  media  like  video,  flash,  and  graphics  (VMware,  2010). 

As  shown  in  Section  B,  subsection  2  (Networking  Resources),  the  combination  of 
the  Cisco  unified  low-latency  switches,  virtual  switches,  and  WAAS,  offer  an  optimized 
network  performance  that  is  capable  of  supporting  the  proposed  thin-client  solution  with 
expected  similar  existing  QoS.  The  technology  greatly  reduces  the  complexity  and  cost 
of  the  current  PC  deployment  and  updating  process  because  it  will  all  be  localized  in  the 
data  center.  The  PC  deployment  and  updating  process  localized  in  the  data  center  is  a 
significant  TCO  benefit  in  terms  of  staffing  reduction  that  will  impact  the  TCO 
calculations  in  Chapter  IV. 

F.  CHAPTER  SUMMARY 

By  reviewing  the  current  ONE-NET  architecture,  this  chapter  covers  the  various 
aspects  that  impact  costs  of  running  and  managing  data  center  facilities,  network 
resources,  software  delivery,  updating,  patch  management,  and  security.  A  final  look  at 
the  service  level  performance  of  the  current  infrastructure  resources  provides  the 
assurance  that  the  thin-client  proposal  is  at  least  technically  feasible  and  positively 
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answers  the  first  detailed  question:  Will  replacement  of  the  current  thick-client  desktops 
with  thin-client  desktops  meet  the  operational  requirements  of  ONE-NET?  In  the  next 
chapter,  the  actual  TCO  costs  are  calculated  and  compared  between  the  current  thick- 
client  and  thin-client  alternative  solutions. 
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IV.  TOTAL  COST  OF  OWNERSHIP 


This  chapter  introduces  the  concept  of  TCO  and  identifies  the  inputs  needed  for 
the  cost  per  seat  calculation  model  as  well  as  for  the  power  and  cooling  cost  tool.  Using 
the  identified  inputs,  the  TCO  is  calculated  for  the  current  thick-client  implementation 
and  then  for  the  proposed  thin-client  implementation.  The  resulting  TCOs  are  then  used 
in  the  analysis  of  and  comparison  between  the  two  alternative  implementations  of  ONE- 
NET. 

A.  TOTAL  COST  OF  OWNERSHIP  CONCEPT 

The  Total  Cost  of  Ownership  (TCO)  is  a  financial  estimate  concept  to  support 
acquisition  and  planning  decisions  for  a  wide  range  of  assets  that  incur  significant 
maintenance  and/or  operating  costs  over  a  long  period  of  use.  It  quantifies  and  measures 
the  various  associated  costs  for  the  purpose  of  planning  future  budgets,  and  offers 
excellent  insight  into  business  processes  and  levels  of  service  which  will  help  improve 
efficiencies  and  effectiveness.  The  object  of  good  business  is  to  attain  the  lowest  TCO 
(Solution  Matrix,  2010). 

In  ONE-NET,  the  TCO  calculations  are  used  for  both  gauging  the  required  capital 
investment  by  the  ONE-NET  program  office  and  gaining  insight  to  various  cost  aspects 
through  the  analysis  process.  The  insights  gained  can  then  be  used  to  identify  potential 
means  for  reducing  the  TCO,  which  is  a  primary  management  objective.  Chapter  III 
describes  four  key  architecture  evaluation  factors  that  have  an  impact  on  the  enterprise 
network  operations,  and  proves  that  the  thin-client  desktop  proposal  is  technically  sound. 
This  chapter  delves  into  the  TCO  calculations  in  order  to  answer  the  second  detailed 
question:  Will  the  TCO  of  ONE -NET  over  the  next  seven  years  be  low  enough  to  justify 
the  additional  risk  and  up-front  investment  in  deploying  the  thin-client  desktops? 

The  four  major  TCO  components  are  labor,  hardware,  software  and  transport. 
The  following  section  describes  the  major  cost  components  and  assumptions  used  in  the 
TCO  calculations. 
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B.  MAJOR  COST  COMPONENTS  AND  ASSUMPTIONS 


Calculating  the  TCO  for  ONE-NET  requires  a  major  data  gathering,  which  cannot 
be  done  without  some  initial  assumptions  that  bound  the  effort.  The  ONE-NET  cost  per 
seat  (CPS)  model  was  developed  in  year  2005  by  NNWC  and  is  used  for  the  TCO 
calculations.  As  described  earlier,  the  TCO  consists  of  the  four  major  costs 
components — labor,  hardware,  software  and  transport.  The  assumptions  for  each  of  the 
major  cost  components  are  now  described. 

1.  Labor  Costs 

Labor  costs  are  defined  as  the  burdened  costs  of  all  dedicated  staff  required  to 
operate  and  maintain  ONE-NET  (NNWC,  2005).  The  staffing  model  used  for  this 
analysis  is  based  on  the  full  Future  Mode  of  Operations  (FMO),  which  considers  labor  for 
different  types  of  personnel  such  as  civilian  service,  military,  foreign  nationals  and 
contractors.  The  FMO  labor  costs  were  compiled  for  the  expected  labor  pool  required  to 
support  a  27,284-seat  enterprise  network  and  maintain  up  to  41,000  users  (NNWC, 
2005). 


2.  Hardware  Costs 

The  CPS  model  costs  include  an  estimate  of  the  total  number  of  PCs  (one  PC 
equals  one  seat).  There  are  additional  hardware  costs  for  the  data  centers,  but  they  do  not 
include  the  costs  of  all  servers,  switches,  and  routers  because  most  are  reused.  Other 
hardware  costs  relevant  to  the  analysis  include  resources  used  by  non-seat  users  such  as 
help  desk  and  engineering  support.  The  analysis  is  based  on  a  three-year  refresh  cycle 
duration  with  a  PC  count  growth  tied  to  the  expected  seat  count.  However,  since  the  seat 
count  is  based  on  the  fixed  FMO  number  of  27,284  seats  with  one-third  of  the  seats 
refreshed  each  year  (approximately  9,095  PCs),  the  growth  is  actually  constant  over  the 
three  year  period  (NNWC,  2005). 

3.  Software  Costs 

Client  Access  Licenses  (CALs)  are  associated  with  each  seat.  When  a  PC  is 


purchased,  it  includes  the  CALs  in  the  software  package  that  are  good  for  three  years  (for 

36 


the  CPS  model  purpose,  the  CALs  are  accounted  for  in  the  first  year  of  the  PC  purchases 
and  then  zeroed  for  the  next  two  years).  After  three  years,  the  CALs  are  accounted  for 
annually  and  can  be  funded  separately  via  the  Program  Objective  Memorandum  (POM) 
process,  which  is  independent  of  the  initial  acquisition  funding.  Although  the  follow-up 
POM  funding  is  not  guaranteed,  the  CAL  costs  for  year  four  and  beyond  are  still  included 
for  the  TCO  calculation  (NNWC,  2005). 

4.  Transport  Costs 

Network  transport  costs  are  based  on  the  Defense  Information  Systems  Agency 
(DISA)  Enhanced  Planning  Process  (EPP).  All  DISA  circuits  are  priced  according  to  the 
Defense  Working  Capital  Fund  (DWCF)  “Telecommunications  Pricing  Guide.”  Channel 
Service  Unit  (CSU)/Data  Service  Unit  (DSU)  costs  are  in  accordance  with  the  DWCF.  A 
charge  is  incurred  each  time  the  bandwidth  reaches  a  new  circuit  size  (NNWC,  2005). 
Non-DISA  point-to-point  circuit  CSU/DSU  costs  vary  widely  (by  country,  by  location, 
by  commercial  entity)  and  their  exact  amounts  are  not  known,  so  the  DWCF 
Telecommunications  Pricing  Guide  is  used  as  an  average  CSU/DSU  cost  figure  (NNWC, 
2005).  The  Navy  does  not  have  a  standard  for  metrics  in  terms  of  bandwidth  per  user 
(e.g.,  number  of  users  per  location,  cost  per  Megabit).  Therefore,  bandwidth  growth  is 
based  on  the  following  distribution:  (1)  No  growth  or  no  change  in  the  first  year;  (2) 
DISA  circuit  growth  rates  of  10%  for  the  following  four  years  and  5%  for  two  more 
years;  and  (3)  circuit  bandwidth  remains  static  in  the  future  years. 

C.  COST  ANALYSIS  AND  TCO  COMPARISON 

Based  on  the  assumptions  described  in  the  previous  sections,  each  major  cost 
component  is  formulated  in  the  cost  per  seat  (CPS)  model  as  follows. 

1 .  Labor  Cost  =  LNSC  Labor  Cost  +  TNOSC  Labor  Allocation  +  Total  Other 

Labor  Costs,  where  LNSC  Labor  Cost  is  defined  as  the  cost  associated 
with  the  required  number  of  staff  personnel  at  the  seat  locations  to  provide 
operational  and  maintenance  support;  TNOSC  Labor  Allocation  is  defined 
as  the  cost  of  TNOSC  staff  personnel  allocated  to  support  the  LNSC 
service  desk;  and  Total  Other  Labor  Costs  consist  of  training,  travel  and 
consumables  costs  for  staff  personnel. 
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2. 


Hardware  Cost  =  Total  Cost  for  Unclassified  PCs  +  Total  Cost  for 
Classified  PCs  +  Total  Cost  for  Notebooks. 

3.  Software  Cost  =  Total  Cost  for  Number  of  CALs  required  for  the  27,284- 
seat  network. 

4.  Transport  Cost  =  Total  Cost  for  the  Number  of  DISA  Circuits  and  Non- 
DISA  Circuits  throughout  the  enterprise. 

The  ONE-NET  cost  per  seat  (CPS)  model  was  initially  developed  by  NNWC  for 
the  period  of  fiscal  year  2005  (FY  05)  through  FY  1 1,  so  it  provided  a  good  starting  point 
for  the  TCO  calculations  covered  by  this  thesis.  The  cost  model  used  the  projected 
inflation  index  rates  given  in  Table  3  (NNWC,  2005). 

Table  3.  Original  Inflation  Index  (From  NNWC,  2005) 


FY  05 

FY  06 

FY  07 

FY  08 

FY  09 

Inflation 

Index 

1.000 

1.012 

1.021 

1.030 

1.040 

Based  on  Table  3  from  the  CPS  model,  one  dollar  in  FY  05  will  be  worth  $1,107 
in  FY  09.  The  estimated  inflation  rate  over  the  5-year  period  is  thus  10.7%. 

Since  the  thesis  is  concerned  with  FY  10  to  FY  16,  the  CPS  model  costs  were 
adjusted  for  the  past  inflation  by  10.7%  starting  in  FY  10.  A  similar  inflation  index 
distribution  was  used  by  the  CPS  model  to  extend  the  calculation  to  FY  16  and  applied  to 
the  raw  data  results  of  the  model,  which  are  provided  in  Appendix  A. 

1.  Thick-Client  Cost  Analysis 

The  thick-client  calculations  for  the  four  major  cost  components  are  based  on  the 
current  adjusted  inflation  index  rate  and  are  shown  in  Table  4.  Note  that  the  first  three 
years  do  not  have  software  costs  as  software  is  already  included  with  the  purchased  PCs. 
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Table  4.  Four  Major  Cost  Components  for  Thick-Client  Solution 


Major  Cost 
Components 

FY  10 
(Million) 

FY  11 
(Million) 

FY  12 
(Million) 

FY  13 
(Million) 

FY  14 
(Million) 

FY  15 
(Million) 

FY  16 
(Million) 

Total  per 
Component 

Labor 

$70.24 

$72.65 

$75.13 

$77.71 

$80.38 

$83.14 

$86.00 

$545.25 

Hardware 

$13.00 

$13.50 

$13.57 

$13.84 

$14.06 

$14.29 

$14.70 

$96.96 

Software 

$0.00 

$0.00 

$0.00 

$3.35 

$5.87 

$6.00 

$6.12 

$21.34 

Transport 

$7.60 

$18.39 

$18.85 

$19.31 

$19.73 

$20.14 

$20.59 

$124.61 

TOTAL 

$90.84 

$104.54 

$107.55 

$114.21 

$120.04 

$123.57 

$127.41 

$788.16 

Based  on  the  values  from  Table  4,  the  sum  of  the  total  thick-client  costs  for  labor, 
hardware,  software,  and  transport  over  the  seven  year  period  is  about  $788  million. 

To  help  in  understanding  how  the  values  in  Table  4  were  calculated,  the 
calculations  for  FY  13  are  given  below  as  an  example.  Since  this  thesis  is  concerned 
with  the  period  of  FY  10  through  FY  16,  the  CPS  model  had  to  be  adjusted  from  starting 
in  FY  05  to  starting  in  FY  10.  This  was  done  be  applying  the  10.7%  adjustment  to  the 
output  data  from  the  CPS  model.  Therefore,  to  provide  FY  13  as  an  example,  the 
corresponding  year  from  the  CPS’s  original  model  is  FY  08.  The  FY  08  excerpt  data 
from  the  CPS  model  calculations  for  the  thick-client  solution  is  provided  in  Appendix  A. 
Note  that  all  the  CPS  model  output  data  was  rolled  up  by  region  to  provide  a  more 
consolidated  view,  where  the  regions  are  the  island  nation  of  Bahrain,  Far  East,  and 
Europe. 

While  Appendix  B  provides  the  full  regional  rollups  for  FY05  through  FY1 1  that 
were  done  on  the  output  data  of  the  CPS  model,  for  this  example,  the  specific  table  for 
FY  08  is  used  to  show  the  corresponding  data  rollup  of  Appendix  A.  Table  5  shows  the 
specific  rollup  for  FY08  taken  from  Appendix  B.  The  data  in  Table  5  shows  the  rolled  up 
data  for  the  four  cost  components  prior  to  the  10.7%  adjustment  to  FY  13. 


Table  5.  FY08  Regional  Rollup  for  Thick-Client  Solution  (Appendix  B) 
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FY  08 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$7,565,545 

$1,009,097 

$244,811 

$4,531,136 

FE 

$38,023,250 

$8,194,600.88 

$1,989,904.28 

$7,001,710 

EU 

$24,608,817 

$3,297,472.16 

$794,496.18 

$5,906,350 

total 

$70,197,612 

$12,501,170.42 

$3,029,211 

$17,439,196.91 

Applying  the  10.7%  adjustment  to  the  entire  data  in  Table  5  results  in  the  data 
used  in  Table  4  for  FY  13,  where  for  example  applying  the  adjustment  to  the  total  labor 
cost  is  as  follows: 

Labor:  $70,197,612  *  1.107  =  $77.71  million  (rounded  up) 

Applying  the  10.7%  adjustment  to  the  total  Hardware  in  Table  5  results  in  the 
following  hardware  cost  for  FY  13  in  Table  4: 

Hardware:  $12,501,170.42  *  1.107  =  $13.84  million  (rounded  up) 

Applying  the  10.7%  adjustment  to  the  total  Software  in  Table  5  results  in  the 
following  Software  value  for  FY  13  in  Table  4: 

Software:  $3,029,21 1  *  1.107  =  $3.35  million  (rounded  up) 

Applying  the  10.7%  adjustment  to  the  total  Transport  in  Table  5  results  in  the 
following  Transport  value  for  FY  13  in  Table  4: 

Transport:  $17,439,196.91  *  1.107  =  $19.31  million  (rounded  up) 

Therefore,  the  total  for  the  four  major  cost  components  under  FY  13  is: 

Total:  $77.71  +  $13.84 +  $3.35 +  $19.31  =$114.21  million 

Because  one  on  the  major  benefits  for  the  thin-client  solution  is  the  reduced 
power  and  cooling  usage,  the  cost  of  power  and  cooling  is  added  to  the  TCO  calculations 
for  both  thick-client  and  thin-client  solutions.  The  operating  and  cooling  power  is 
calculated  by  using  a  calculation  tool  provided  by  VMware®  Inc.  (VMware,  2010).  The 
annual  (360  days)  desktop  power  and  cooling  costs  for  27,284  thick-client  seats  are 
shown  in  Table  6.  Therefore,  the  annual  operating  and  cooling  power  costs  for  the 
current  ONE-NET  thick-client  solution  are  provided  in  Table  6,  where  the  total  annual 
cost  is  computed  as  21,687,506  kWh  *  $0.1016/kWh  =  $2,203,451. 
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Table  6.  Annual  Cost  of  Operating  and  Cooling  Power  on  Thick-Client  Solution 

(From  VMware,  2010) 


Desktop  Power  and  Cooling  Factors 

Thick-Client  Solution 
Values 

Hardware  operating  power  (W/h) 

102 

Air  conditioning  cooling  power  (W/h) 

82 

Operating  hours  per  day 

12 

Power  consumption  per  seat  (W) 

2,208 

Total  power  consumption  per  day  (W) 

60,243,072  W 

Total  power  and  cooling  (kW/yr) 

21,687,506 

Cost  per  kWh 

$0.1016 

Total  Annual  Cost 

$2,203,451 

Based  on  a  fixed  annual  cost  of  $0.1016  per  kilowatt  hour  (kW  h)  over  the  span  of 
the  contract,  the  total  seven  year  cost  for  the  current  ONE-NET  thick-client  solution  is 
then  $15.4  million  (rounded  up). 

2.  Thin-Client  Cost  Analysis 

Cost  analysis  for  the  thin-client  uses  similar  calculations  as  for  thick-client  except 
for  the  hardware  costs  and  labor  input  values  into  the  CPS  model.  One  of  the  advantages 
of  the  thin-client  solution  is  that  fewer  staff  personnel  are  required  to  manage  the  help¬ 
desk  and  administrative  support  because  the  software,  configuration  management, 
Information  Assurance  policy  enforcement,  etc.,  are  all  done  in  the  data  center. 
Furthermore,  because  the  simplicity  of  the  thin-client,  there  are  fewer  trouble  calls  from 
the  users.  Therefore,  while  the  number  of  managers  was  kept  the  same,  the  number  of 
service  desk  staff  used  in  the  labor  portion  of  the  cost  per  seat  model  is  half  the  number 
of  those  used  for  the  thick-client  solution.  Another  advantage  of  the  thin-client  solution 
is  that  the  hardware  cost  for  client  devices  has  a  lower  cost  compared  to  the  thick-client 
PC’s  cost.  An  unclassified  PC,  including  monitors,  costs  $1,216  and  a  classified  PC, 
including  monitors,  costs  $1,324.  A  market  estimate  of  $450  is  used  in  the  CPS  model  as 
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an  average  cost  for  both  classified  and  unclassified  thin-client  devices,  including 
monitors.  The  thin-client  calculations  for  the  four  major  cost  components  are  shown  in 
Table  7. 


Table  7.  Four  Major  Cost  Components  for  Thin-Client  Solution 


Major  Cost 
Factors 

FY  10 
(Million) 

FY  11 
(Million) 

FY  12 
(Million) 

FY  13 
(Million) 

FY  14 
(Million) 

FY  15 
(Million) 

FY  16 
(Million) 

Total  per 
Component 

Labor 

$42.90 

$44.65 

$45.87 

$47.45 

$49.60 

$51.45 

$53.22 

$335.14 

Hardware 

$5.13 

$5.54 

$5.48 

$5.76 

$5.63 

$5.69 

$5.91 

$39.14 

Software 

$0.00 

$0.00 

$0.00 

$3.35 

$5.87 

$5.99 

$6.12 

$21.33 

Transport 

$7.60 

$18.39 

$18.85 

$19.31 

$19.73 

$20.14 

$20.60 

$124.62 

TOTAL 

$55.63 

$68.58 

$70.20 

$75.87 

$80.83 

$83.27 

$85.85 

$520.23 

For  the  thin-client  solution,  the  cost  components  for  both  software  and  transport 
are  similar  to  those  for  the  thick-client  solution.  The  reason  for  the  similar  software  costs 
is  because  both  solutions  require  a  license  per  seat  and  the  number  of  seats  is  the  same. 
The  same  applies  to  the  transport  cost  component,  because  the  same  number  of  seats  are 
connected  to  the  data  centers  and  between  the  data  centers,  which  make  up  the  ONE-NET 
enterprise  network.  Similar  to  the  thick-client  solution,  the  cost  of  the  first  three  years  of 
software  licenses  is  included  in  the  initial  purchase  of  the  thin-clients  as  shown  in  Table 
7.  Even  though  the  software  resides  on  the  servers  instead  of  on  the  PCs,  there  is  still  a 
client  access  license  (CAL)  that  applies  to  each  seat. 

Based  on  Table  7  values,  the  sum  of  the  total  thin-client  costs  for  labor,  hardware, 
software,  and  transport  over  the  seven  year  period  is  $520  million  (rounded  up). 

Using  the  same  VMware  tool  for  calculating  the  desktop  power  and  cooling 

power  of  the  thick-client,  the  input  for  the  thin-client  is  adjusted  to  the  costs  associated 

with  the  thin-client  hardware.  Table  8  provides  the  annual  cost  for  power  and  cooling 

power  for  the  thin-client.  Table  8  also  includes  the  power  consumption  required  for  the 

virtual  desktop  servers  needed  to  support  the  thin-client  solution,  which  is  in  addition  to 
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what  the  current  servers  use  to  support  the  thick-client  PCs.  The  proposed  number  of 
virtual  servers  to  support  the  thin  clients  is  181  ESX  servers. 

Thus,  the  annual  cost  for  operating  and  cooling  power  for  the  thin-client  solution 
is  shown  in  Table  8. 

Table  8.  Annual  Cost  of  Power  and  Cooling  on  Thin-Client  Solution 

(From  VMware,  2010) 


Desktop  Power  and  Cooling 
Costs 

With  VMware  View  (Projected)  and  Thin  Clients 

Virtual  Desktop 
Server 

Thin  Client 

Total 

Hardware  operating  power 
(W/h) 

750 

15 

765 

Air  conditioning  cooling 
power  (W/h) 

600 

12 

612 

Operating  hours  per  day  (h) 

24 

12 

36 

Total  power  consumption 
(W/d) 

5,850,000 

8,840,016 

14,690,016 

Total  power  and  cooling 
(kW/yr) 

2,106,000 

3,182,406 

5,288,406 

Cost  per  kWh 

$0.1016 

$0.1016 

$0,106 

Total  annual  cost 

$213,970 

$323,332 

$537,302 

Based  on  a  fixed  annual  cost  of  $0.1016  per  kilowatt  hour  (kW  h)  over  the  span  of 
the  contract,  the  total  seven  year  cost  for  operating  and  cooling  power  for  the  current 
ONE-NET  thin-client  solution  is  $3.8  million  (rounded  up). 

The  thin-client  solution  thus  results  in  roughly  $1 1.6  million  savings  in  the  power 
and  cooling  cost,  thereby  offering  a  compelling  advantage  for  its  selection  over  the  thick- 
client  approach.  This  answers  the  third  detailed  question:  Are  there  any  other 
compelling  advantages  to  deploying  thin-client  desktops  and  virtualization-based  server 
technology  over  the  current  thick-client  desktops? 

The  following  additional  cost  analysis  is  performed  to  determine  the  up-front  IT 
capital  and  operating  investment  to  support  the  thin-client  seats.  The  IT  operating  and 
capital  investment  costs  include  the  costs  for  the  virtualization  servers,  storage 
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infrastructure,  and  licenses  for  the  VMware  infrastructure.  Table  9  shows  the  sum  of 
total  IT  capital  and  operating  investment  from  the  provided  VMware  cost  tables  of 
APPENDIX  C. 

Table  9.  IT  Capital  and  Operating  Investment  (From  VMware,  2010) 


Expected 
Investment  in 
Virtualization 

Year  1 
(M) 

Year  2 
(M) 

Year  3 
(M) 

Year  4 
(M) 

Year  5 
(M) 

Total  (M) 

IT  Capital 
Investment 

$8,012,287 

$9,627,480 

$11,504,809 

$2,709,958 

$2,786,107 

$34,640,641 

IT  Operating 
Investment 

$476,256 

$962,632 

$1,497,270 

$1,608,741 

$1,768,490 

$6,313,389 

Total 

Investments 

$8,488,543 

$10,590,112 

$13,002,079 

$4,318,699 

$4,554,597 

$40,954,030 

Given  the  seven-year  TCO  period,  the  proposed  plan  for  a  thin-client  solution  will 
take  five  years  to  complete.  However,  the  current  plan  for  rolling  out  thick  clients  is 
based  on  the  same  schedule.  This  is  an  important  point,  as  it  answers  the  fourth  detailed 
question:  Can  the  deployment  of  thin-client  desktops  be  done  during  the  current  seven 
year  technology  support  period  and  still  lower  the  TCO? 

3.  TCO  Comparison 

Table  10  shows  the  complete  TCO  comparisons  between  thick-client  and  thin- 
client  solutions.  The  second  row  in  Table  10  includes  the  total  costs  for  Labor, 
Hardware,  Software,  and  Transport  from  the  right  column  of  Table  4.  The  Power  & 
Cooling  cost  in  the  second  row  of  Table  10  comes  from  Table  6.  The  third  row  of  Table 
1 0  includes  the  total  costs  for  Labor,  Hardware,  Software,  and  Transport  from  the  right 
column  of  Table  7.  The  Power  &  Cooling  cost  in  the  third  row  of  Table  10  comes  from 
Table  8,  and  the  Virtualization  cost  is  from  Table  9.  As  shown  in  Table  10,  the  TCOs  for 
the  thick-client  solution  and  the  thin-client  solution  are,  respectively,  $803  million  and 
$565  million. 
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Table  10.  TCO  Comparison  between  Between  Thick-Client  and  Thin-Client  Solutions 


Alternative 

Solutions 

Labor 

Hardware 

Software 

Transport 

Power  & 
Cooling 

Virtualization 

TCO 

Thick- 

Client 

$545 

$97 

$21 

$125 

$15.4 

$0 

$803 

Thin- 

Client 

$335 

$39 

$21 

$125 

$3.8 

$41 

$565 

The  proposed  thin-client  solution  thus  results  in  a  much  lower  TCO  than  does  the 
current  thick-client  solution,  by  $238  million  over  the  seven-year  period.  As  previously 
explained,  the  cost  of  software  licenses  and  transport  for  the  same  number  of  seats  is 
similar  in  both  alternatives.  While  the  thin-client  solution  does  require  $41  million  in 
additional  investment  for  the  virtualization  resources  in  the  data  center  to  support  the  thin 
clients,  the  lower  labor  and  hardware  costs  of  the  thin-client  solution  dominate  the  TCO 
differences.  The  deployment  methodology  is  to  use  a  similar  deployment  schedule  for 
both  the  thin-client  solution  and  the  current  thick-client  solution.  The  methodology 
allows  the  additional  ramp  up  in  server  resources  to  support  the  thin-clients  at  a  lower 
TCO,  which  answers  the  fifth  detailed  question:  What  would  be  the  recommended 
deployment  methodology  that  will  achieve  the  lower  TCO?  The  incremental  30% 
deployment  during  the  first  three  years  and  the  last  10%  over  the  following  two  years 
were  used  in  the  CPS  and  VMware  calculation  models  for  both  thick-client  and  thin- 
client  alternatives.  Therefore,  the  lower  TCO  result  for  the  thin-client  solution  supports 
the  recommended  proposal  for  the  alternative  solution. 

D.  CHAPTER  SUMMARY 

The  Total  Cost  of  Ownership  (TCO)  concept  offers  excellent  insight  into  business 
processes  and  levels  of  service,  which  will  help  improve  efficiencies  and  effectiveness. 
The  object  of  good  business  is  to  attain  the  lowest  TCO.  In  order  to  compare  the  TCO  of 
the  current  thick-client  solution  with  the  proposed  thin-client  solution,  separate 
calculations  were  done  for  the  costs  per  seat  over  the  seven-year  period.  For  the  thick- 
client  solution,  the  CPS  model  was  adjusted  for  inflation  by  10.7%  to  cover  the 

applicable  period  of  FY  10  through  FY  16.  An  additional  VMware  tool  was  used  to 
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calculate  the  power  and  cooling  costs  for  the  thick-client  solution,  which  were  added  to 
the  CPS  model  results  as  the  TCO  for  the  thick-client  solution. 

For  the  proposed  thin-client  solution,  a  similar  adjustment  was  done  to  the  CPS 
model  using  the  same  10.7%  inflation  increase,  except  that  the  inputs  to  the  model  for  the 
hardware  and  labor,  which  were  different  from  the  thick-client  inputs.  The  VMware  tool 
was  also  used  to  calculate  the  power  and  cooling  costs  for  the  thin-client  solution,  which 
were  added  to  the  CPS  model  results,  as  well  as  the  additional  costs  for  the  upfront  IT 
capital  and  operating  investment  giving  the  TCO  for  the  thin-client  solution. 

In  calculations  for  both  the  thick-client  and  thin-client  solutions,  the  same  27,284 
seats  were  used.  The  potential  savings  of  $238  million  is  significant,  and  the  proposed 
thin-client  solution  does  not  introduce  much  technical  or  schedule  risk  because  the 
technology  is  already  proven.  Therefore,  the  answer  is  ‘yes’  to  the  second  detailed 
question:  Will  the  TCO  of  ONE -NET  over  the  next  seven  years  be  low  enough  to  justify 
the  additional  risk  and  up-front  investment  in  deploying  the  thin-client  desktops? 

The  main  reasons  for  the  cost  savings  are  the  much  lower  labor  costs  and  the 
much  lower  power  and  cooling  costs.  The  lower  energy  cost  answers  the  third  detailed 
question:  Are  there  any  other  compelling  advantages  to  deploying  thin-client  desktops 
and  virtualization-based  server  technology  over  the  current  thick-client  desktops?  Also, 
the  point  of  using  the  existing  infrastructure  and  deploying  the  additional  resources  to 
support  the  thin  clients  makes  it  possible  to  use  the  same  schedule  as  the  current  thick- 
client  solution.  Having  the  deployment  effort  for  the  thin-client  solution  priced  by  a 
vendor  such  as  VMware  within  the  same  time  frame  scheduled  for  the  thick-client 
solution  provides  the  answer  to  the  fourth  detailed  question  of:  Can  the  deployment  of 
thin-client  desktops  be  done  during  the  current  seven  year  technology  support  period  and 
still  lower  the  TCO?  The  TCO  comparison  between  the  thick-client  and  thin-client 
solutions  is  summarized  in  Table  10. 

The  same  methodology  for  deploying  thick  clients  is  recommended  for  deploying 
thin  clients,  and  since  the  TCO  calculations  using  this  recommendation  show  a  lower 
TCO  for  the  thin-client  solution,  the  fifth  detailed  question,  “What  would  be  the 
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recommended  deployment  methodology  that  will  achieve  the  lower  TCO?”  has  been 
answered.  The  answer  is  a  similar  incremental  30%  per  year  deployment  during  the  first 
three  years  and  the  last  10%  over  the  following  two  years. 
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V.  CONCLUSION 


Motivated  by  the  prospects  of  reducing  the  TCO  of  ONE-NET,  the  hypothesis  of 
this  thesis  is  that  by  deploying  a  thin-client  desktop  and  virtualization-based  server 
solution,  the  TCO  over  the  next  seven  years  would  be  lower  than  that  of  the  current  plan 
for  thick-client  PCs.  The  primary  question  then  is  whether  the  TCO  of  the  proposed 
alternative  thin-client  solution  will  be  lower  than  that  of  the  current  thick-client  solution. 
Answering  the  question  amounts  to  answering  the  detailed  questions.  The  detailed 
questions  and  their  answers  are  summarized  next. 

A  comprehensive  review  of  thin-client  technology  indicates  that  the  thin-client 
and  server  virtualization  technology  has  finally  matured  and  solved  the  issues  of  GUI 
responsiveness  similar  to  the  desktop  PCs,  and  is  therefore  technically  feasible  as  an 
alternative  to  the  current  thick-client  solution.  The  answer  to  the  first  detailed  question, 
“Will  replacement  of  the  current  thick-client  desktops  with  thin-client  desktops  meet  the 
operational  requirements  of  ONE-NET?”  is  that  the  same  software  image  building 
process  is  used  for  the  thin-client  as  for  the  thick-client,  so  the  operational  requirements 
for  applications  and  security  are  the  same.  In  fact,  the  security  of  the  thin-client  solution 
is  much  more  robust  than  that  of  the  thick-client  solution,  because  the  former  is  all  done 
centrally  in  the  data  center  and  is  not  exposed  to  various  implementations  and 
enforcement  at  the  end  user  seats. 

The  second  detailed  question  is:  Will  the  TCO  of  ONE-NET  over  the  next  seven 
years  be  low  enough  to  justify  the  additional  risk  and  up-front  investment  in  deploying 
the  thin-client  desktops?  The  calculations  indicate  that  the  additional  investment  of  $41 
million  is  substantially  less  than  $210  million  in  labor  cost  savings  and  an  additional  $58 
million  in  hardware  savings  of  deploying  thin-client  seats,  instead  of  the  refreshed  thick- 
client  PCs. 

An  interesting  aspect  of  the  thin-client  solution  is  the  advantage  of  lower 
operating  and  cooling  power  costs  compared  to  those  of  the  thick-client  solution.  Based 
on  the  findings  in  this  thesis,  the  power  and  cooling  cost  for  the  thin-client  solution  is 
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$1 1.6  million  less  than  that  of  the  thick-client  solution.  Thus  the  thin-client  solution  has 
a  compelling  advantage  over  the  thick-client  desktop  PCs  from  an  energy  savings 
perspective.  This  compelling  advantage  answers  the  third  detailed  question:  Are  there 
any  other  compelling  advantages  to  deploying  thin-client  desktops  and  virtualization- 
based  server  technology  over  the  current  thick-client  desktops? 

The  recommendation  to  use  the  existing  infrastructure  and  deploying  the 
additional  resources  to  support  the  thin  clients  is  supported  by  a  lower  TCO,  as  compared 
to  that  of  the  thick-client  solution  (Table  10).  It  is  thus  possible  to  use  the  same  schedule 
used  for  the  current  thick-client  solution,  thereby  answering  the  fourth  detailed  question 
of  this  thesis:  Can  the  deployment  of  Thin-Client  desktops  be  done  during  the  current 
seven  year  technology  support  period  and  still  lower  the  TCO?  The  proposed  thin-client 
solution  is  feasible  within  the  given  timeframe.  Furthermore,  the  recommendation  for 
deploying  the  thin-client  solution  using  the  same  incremental  30%  per  year  deployment 
during  the  first  three  years  and  the  last  10%  over  the  following  two  years  answers  the 
fifth  detailed  question:  What  would  be  the  recommended  deployment  methodology  that 
will  achieve  the  lower  TCO?  The  resulting  lower  TCO  supports  this  recommendation 
and  provides  a  strong  incentive  to  pursue  the  thin-client  solution. 

The  latest  technology  of  cloud  computing  offers  an  interesting  topic  for  future 
work  in  studying  how  the  concept  relates  to  enterprise  networks  and  TCO.  The  main 
paradigm  of  cloud  computing  is  that  the  thin-client  user  does  not  know  which  physical 
server  in  the  network  ‘cloud’  it  is  communicating  with.  In  other  words,  the  traditional 
server  is  replaced  with  an  abstract  service  that  can  be  running  on  several  different 
physical  servers  that  synchronize  their  data. 

While  many  institutions,  including  the  U.S.  Navy,  are  looking  for  ways  to  take 
advantage  of  cloud  computing  technology,  there  are  several  serious  issues  that  still  need 
to  be  resolved  such  as  IA.  All  Navy  IA  Controls  and  certification  processes  today  rely 
heavily  on  knowing  the  exact  network  topology,  installed  software  location,  and  end-to- 
end  communication  channels.  Resolving  the  IA  challenges  of  cloud  computing  is  also  a 
potential  topic  for  future  research. 
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APPENDIX  A.  CPS  MODEL  CALCULATION  RESULTS  FOR  FY08 
UNADJUSTED  THICK-CLIENT  SOLUTION 


Table  11  provides  an  excerpt  from  the  CPS  model  calculations  for  the  three 
regions:  the  island  nation  of  Bahrain,  Far  East,  and  Europe. 

Table  11.  FY  08  Unadjusted  Thick-Client  Solution  Cost  Results 


2008 


Su 

mmary  Cost  Per 
Se^:  Data 

Sed:s 

Total  Cost 

LN  SC  Labor 
Cost 

TNOSC  Labor 
Alloc^ion 

Other  Labor 
Cost 

Hard  ware  Cost 

Software  Cost 

Transport 

Cost 

Bat 

iran  CPS 2008 

2,205 

$13,350;580 

57,271,731 

SO 

5293,754 

51.009,097 

5244,311 

54,531.136 

Yokosuka  2008 

7,707 

$18,178472 

51,394,334 

510,045,198 

593.661 

53,433,633 

5055.671 

52,300,374 

Guam  2008 

2,839 

$8,801  376 

53,433,934 

53,700,314 

563,151 

51,233,727 

5315,200 

50 

Atsugi  2008 

3.555 

$8,438,701 

51,753,526 

54,633,533 

553,340 

51,657.250 

5394,695 

5940,051 

Sasebo  2008 

733 

$4,750,751 

51,133,536 

5955,332 

523,573 

5331.715 

531,331 

52,165,114 

M  sawa  2008 

762 

$2,768  483 

51,230,353 

5993,180 

531,355 

5333,345 

534,601 

590,150 

Okinawa  2008 

787 

$2,833314 

51,464,023 

51,025,765 

554,162 

5361,937 

507,377 

50 

Diego  Garcia  2008 

241 

$1,417608 

5948,941 

5314,116 

521,969 

5105,326 

526,757 

50 

Singapore  2008 

374 

$1,842,708 

$965,752 

5437.466 

522.143 

5196.233 

541,523 

5129,534 

Korea  2008 

825 

$4,018042 

51,361,200 

51.205,632 

537,543 

5435.234 

5102,690 

5075,679 

Far  East  CPS  2008 

17,823 

$  55308,465 

$  14,246,250 

$  23060,533 

$416,407 

$  8,184,601 

$  1638,804 

$7,001,710 

Naples  2008 

3,072 

$13,836613 

52,212,134 

56,003,047 

5114.720 

51,412,505 

5341,069 

53,772,763 

Sigonella  2008 

1,813 

$8,006234 

52,546,506 

53,730,226 

5147,799 

5026.392 

5212.391 

5534,041 

Rota  2008 

1,218 

$7,138  033 

52,053,161 

52,302,069 

5142.104 

5565,035 

$135,340 

51.060,590 

London  2008 

La  Maddalena  2008 

370 

$2,436,730 

51,150,702 

5723,023 

560,100 

5197,097 

541,079 

5255,040 

Souda  Bay  2008 

332 

$3,168,755 

51,331,736 

51,137,296 

550,026 

5294.764 

564,617 

$282,316 

Europe  CPS  2008 

7,136 

$  34607,136 

$  10,102,388 

$  13683,661 

$522,758 

$  3,287,472 

$  784,486 

$5,806,350 
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APPENDIX  B.  REGIONAL  ROLLUP  CALCULATIONS  FOR  TCO 
OF  THICK-CLIENT  SOLUTION 


Table  12  provides  the  rollup  calculation  results  from  the  thick-client  data  output 
of  the  costs  per  seat  model.  For  each  year,  the  individual  cost  components  for  labor, 
hardware,  software,  and  transport  were  summed  up  by  the  three  regions  of  the  island 
nation  of  Bahrain,  Far  East  (FE),  and  Europe  (EU). 


Table  12.  FY  05  Through  FY  1 1  Regional  Rollup  Costs 


FY  05 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$6,843,128.98 

$949,033 

$0 

$2,890,494 

FE 

$34,353,139.14 

$7,694,836.58 

0 

$2,877,569 

EU 

$22,258,738.40 

$3,005,197.91 

0 

$1,094,918.00 

total 

$63,455,006.52 

$11,649,067.72 

$0 

$6,862,981.00 

FY  06 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$7,075,801 

$968,014 

$0 

$4,346,660 

FE 

$35,541,323.17 

$7,998,673.32 

0 

$6,703,797 

EU 

$23,015,563.17 

$3,191,781.86 

0 

$5,560,265.34 

total 

$65,632,687.25 

$12,158,469.08 

$0 

$16,610,722.26 

FY  07 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$7,316,573 

$988,342 

$0 

$4,437,940 

FE 

$36,751,442 

$8,036,467.96 

0 

6,857,698.67 

EU 

$23,798,845 

$3,229,649.52 

0 

5,729,455.99 

total 

$67,866,860 

$12,254,459.67 

$0 

$17,025,094.40 

FY  08 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$7,565,545 

$1,009,097 

$244,811 

$4,531,136 

FE 

$38,023,250 

$8,194,600.88 

$1,989,904.28 

$7,001,710 

EU 

$24,608,817 

$3,297,472.16 

$794,496.18 

$5,906,350 

total 

$70,197,612 

$12,501,170.42 

$3,029,211 

$17,439,196.91 

FY  09 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$7,822,817 

$1,030,288 

$428,488 

$4,626,290 

FE 

$39,338,538.86 

$8,392,742.36 

$3,482,901.03 

$7,162,425 

EU 

$25,445,675.33 

$3,275,527.09 

$1,390,595.31 

$6,030,383 
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total 

$72,607,031.07 

$12,698,557.87 

$5,301,985 

$17,819,098.84 

FY  10 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$8,088,927 

$1,051,924 

$437,487 

$4,723,442 

FE 

$40,699,560 

$8,529,087 

$3,556,041.95 

$7,312,836 

EU 

$26,311,356 

$3,331,012.16 

$1,419,797.81 

$6,157,021 

total 

$75,099,843 

$12,912,023.57 

$5,413,326 

$18,193,299.92 

FY  11 

Labor 

Hardware 

Software 

Transport 

Bahrain 

$8,363,991 

$1,074,015 

$446,674 

$4,822,635 

FE 

$42,107,392 

$8,721,778.09 

$3,630,718.83 

$7,473,535 

EU 

$27,206,092.37 

$3,485,840.44 

$1,449,613.57 

$6,306,689.44 

total 

$77,677,475.77 

$13,281,633.42 

$5,527,006 

$18,602,859.37 
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APPENDIX  C.  VMWARE  CAPITAL  AND  OPERATING 
INVESTMENT  COSTS  FOR  VIRTUALIZATION 


Table  13  provides  the  calculated  costs  from  VMware  Inc.  based  on  the  27,284 
seats  required  by  ONE-NET. 


Table  13.  VMware  Virtualization  Capital  and  Operating  Investment  Costs 


vmware 


VNtwara  TCO/HOI  Calculator  Report 


View 

Initial  /  Year  1 

Year  2 

Year  3 

Year4 

Years 

Total 

IT  Capital  Investment 

VMware  VlewServer  and  Storage 
Infrastructure  Configuration 

$2,307,555 

$2,307 ,555 

$2,999,822 

$761  ,494 

$837,643 

$9,214,069 

VMware  View  Configuration  - 
Desktop  Virtualization 

$2,545,732 

$3,845 ,025 

$4,714,187 

$1  ,000,764 

$1,000,764 

$1  3,106,472 

VMware  View  Configuration  -  Thin 
Client  M  igration 

$3,159,000 

$3,474 ,900 

$3,790,800 

$947 ,700 

$947,700 

$1  2,320,100 

Total  IT  Capital  Investment 

$8,01 2,287 

$9,627,480 

$11,504,809 

$2,709,958 

$2,786,107 

$34,640,641 

IT  Operating  Investment 

VMv^are  View  Support  and 
Subscription 

$438,750 

$921  ,375 

$1 ,452,263 

$1  ,597,489 

$1,757,238 

$6,167,115 

VMware  View  Implementation 
Professional  Services  and  Labor 

$37,506 

$41  ,257 

$45,007 

$11  ,252 

$11,252 

$146,274 

Total  IT  0|>erating  Investment 

$476,256 

$962,632 

$1,497,270 

$1,608,741 

$1,768,490 

$6,313,389 

Total  Investments 

$8,488,543 

$10,590,112 

$13,002,079 

$4,318,699 

$4554597 

$40,954030 

©  Copyright  2001  -  2009,  VMware,  Inc.  and  Alinean,  Inc.  All  rights  reserved. 
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